https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Mark+A.+ArnoldOWASP - User contributions [en]2026-05-31T15:40:34ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=2010_BASC_Speakers&diff=933562010 BASC Speakers2010-11-19T21:24:22Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Speakers/Panelists}}<br />
__FORCETOC__<br />
We would like to thank our speakers for donating their time and effort to help make this conference successful.<br />
<br />
=== Josh Corman === <br />
'''The 451 Group'''<br/><br />
''Panelist''<br /><br />
Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics. Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html top innovators of IT] for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded [http://rugedsoftware.org RuggedSoftware.org] – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.<br />
<br />
=== Ming Chow ===<br />
'''Tufts University, CS Department'''<br/><br />
Ming Chow is a scholar of science and technology and a Lecturer at the Tufts University Department of Computer Science. His areas of interests are computer security, game development, web application security, and Computer Science in Education. Ming co-edited a special issue of IEEE Security & Privacy on securing online games with Gary McGraw of Cigital, Inc. published in May 2009. Ming is a frequent guest speaker, and have spoke at numerous organizations, including New England Association of Insurance Fraud Investigators (NEAIFI), and the New England Chapter of the High Technology Crime Investigation Association (HTCIA-NE), the Greater Boston Chapter of the Association of Certified Fraud Examiners (ACFE), John Hancock, and the Massachusetts Office of the Attorney General (AGO). Finally, Ming is a SANS GIAC Certified Incident Handler (GCIH).<br />
<br />
=== Andrew Gronosky ===<br />
'''Raytheon/BBN Technologies'''<br/><br />
Mr. Andrew Gronosky is a staff engineer at Raytheon BBN Technologies. He has experience developing software for a variety of applications including data analysis and visualization, digital signal processing, and parallel and distributed systems. He holds a Master of Science degree in mathematics from Rensselaer Polytechnic Institute and is a member of the IEEE and the ACM. <br/><br />
<br />
=== Joshua "Jabra" Abraham, Will Vandevanter ===<br />
'''Rapid7'''<br/><br />
Joshua "Jabra" Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. He has spoken at BlackHat, DefCon, ShmooCon, The SANS Pentest Summit, Infosec World, CSI, OWASP Conferences, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ. He is frequently quoted in the media regarding Microsoft Patch Tuesday and web application security by ComputerWorld, DarkReading and SC Magazine.<br/><br/><br />
Mr. Vandevanter joined Rapid7 in 2008. Will has IT Security experience with a focus in web application security and secure software engineering. Will specializes in penetration testing, web application security assessments, and secure code development. In the past Will has also worked on a few different Open Source security projects including porting SELinux to OpenMoko and other Linux based mobile platforms. Will holds a Bachelors Degree in Mathematics and Computer Science from McGill University and Masters Degree in Computer Science from James Madison University.<br />
<br />
=== Christien Rioux ===<br />
'''SOURCE Conference/Veracode'''<br/><br />
Christien Rioux is co-founder and chief scientist of Veracode, the world's only binary-analysis powered online application risk management service. Prior to Veracode, he was a founder at security consulting firm @stake, a member of the hacker think-tank L0pht Heavy Industries, and a graduate of Massachusetts Institute Of Technology.<br />
Today, he focuses on algorithms to automate the difficult task of reverse-engineering and analyzing binaries for security vulnerabilities.<br />
<br />
=== Paul Schofield ===<br />
'''Imperva'''<br/><br />
With broad business and technical experience ranging from mergers and acquisitions to incident response and investigations, Paul Schofield is a frequent and energetic public speaker.<br />
With over fourteen years of experience in Information Security and Risk Management, his diverse background he brings insightful perspectives to security and risk management discussions.<br />
Paul is currently a Senior Security Engineer with Imperva, an award winning application Security company.<br />
<br />
=== Rob Cheyne ===<br />
'''Safelight Security Advisors'''<br/><br />
''Expert Panel Moderator''<br/><br />
Rob is the CEO of Safelight Security, a leading provider of both instructor-led and computer-based security training. He is a Boston-based information security expert who has taught information security training classes to over ten thousand students, including developers, architects, and managers for industry-leading organizations. He has 20 years of experience in the information technology field and has been working in information security since 1998. Over the years, he has played the role of software developer, systems integrator, security consultant and trainer. Rob was a co-founder of @stake, a highly regarded pioneer in information security consulting. In this role, he led and conducted secure architecture and design reviews, secure code reviews, application penetration tests, security assessments, and training for numerous Fortune 500 companies. Rob worked on @stake's SmartRisk Analyzer team, building software that automatically scans applications for vulnerabilities, and he was the author of LC4, a version of the award-winning L0phtCrack password auditing tool. @stake was acquired by Symantec Corporation in October 2004.<br />
Rob regularly speaks at security conferences, and frequently presents to the Boston OWASP chapter on a variety of security topics. His specialties are application security architecture and information security training. <br />
<br />
=== John Carmichael ===<br />
'''Safelight Security Advisors'''<br/><br />
John Carmichael applies his software security expertise to the creation and delivery of world class security training for some of the world’s largest organizations. At Safelight Security Advisors, he is an integral part of the product team creating best of breed computer-based training courses. Prior to joining Safelight Security Advisors, John was a security trainer and consultant at both Security Innovation and Cigital. His software security experience is rooted in a background of software development with deep expertise in a myriad of languages and environments. He has developed enterprise class software for large organizations such as Massachusetts Executive Office of Health and Human Services and Computer Science Corporation. John earned his B.S. degree in Computer Science and Business Administration from the University of Vermont and an M.S. degree in Computer Information System Security from Boston University.<br />
<br />
=== Dan Crowley ===<br />
'''Core Security'''<br/><br />
Dan Crowley is an independent security researcher and lecturer also working for Core Security Technologies. Dan runs a security education group called CSEC, which is in the process of becoming a hackerspace. In his free time, he can frequently be found playing with Web-based technologies and locks.<br />
=== Kenneth Smith ===<br />
Ken Smith, CISSP, CISA, GCIH is an Enterprise Information Security Architect with 15 years of experience in the information security space. He currently leads efforts related to IT risk management, compliance, and privacy for a private $1B e-Commerce, Catalog, and Retail organization. As a consultant, and former QSA, Ken has an extensive background in PCI DSS and has helped many organizations in the area of strategic planning, assessment, remediation plan development, and security program design. <br />
<br />
=== Zach Lanier ===<br />
'''Intrepidus Group'''<br/><br />
Zach Lanier is a Senior Security Consultant with the Intrepidus Group, a firm specializing in security assessment services. Zach's areas of focus<br />
are network and application penetration testing, intrusion analysis, and general hackery, with frequent dabbling in security and privacy research.<br />
<br />
=== Shakeel Tufail ===<br />
'''Fortify'''<br/><br />
''Panelist''<br/><br />
Shakeel Tufail is a Federal Practice Manager at Fortify, an HP company, where his responsibilities include refining customer security requirements, managing Fortify product deployments and delivering security services.<br />
Mr. Tufail brings over 18 years of experience to the IT industry in the areas of network engineering, software development, quality assurance, risk management, and security.<br />
Recently, he led over 30 enterprise security assessments for DoD and Fortune Top 50 commercial organizations that directly led to improvement of their risk profile.<br />
Prior to joining Fortify, Mr. Tufail held positions such as Deputy Program Manager for the Pentagon Force Protection Agency, Managing Partner for Insyte, General Manager of CompUSA, and Lead Release Engineer for AOL Time-Warner’s AOL Instant Messenger development team and HOST Servers QA group.<br />
An active software assurance community member, Mr. Tufail contributes to standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC) and other elements of the Software Assurance Programs of the Department of Homeland Security, NSA, and the Department of Defense. He has accumulated over 25 industry standard certifications and is a member of OWASP, ISACA, ISSA, and IEEE. In his spare time, Shakeel enjoys travel, photography, and technical training at local schools. Recently, he hiked the Himalayas to Mt. Everest BaseCamp.<br />
<br />
=== Justin Peavey ===<br />
'''Omgeo, LLC'''<br/><br />
''Panelist''<br/><br />
Justin S. Peavey is the Chief Information Security Officer for Omgeo LLC, the market leader in allocation, confirmation/affirmation, settlement notification, enrichment, operational analytics and counterparty risk management services between trade counterparties.. Prior to joining Omgeo, Justin was a VP at State Street performing security architecture and enterprise security program development with a specialization in application security. Justin has been working in the information security field for over 15 years primarily for the finance and defense industries and has worked with such companies as Lockheed Martin, Pratt & Whitney, Fidelity Investments, John Hancock, IBM Scientific Research Center, and RSA Security. Justin’s background is in security program development, security architecture, software development, and service delivery management.<br />
<br />
=== Adriel Desautels ===<br />
'''NetRagard, LLC'''<br/><br />
''Panelist''<br/><br />
Adriel T. Desautels is the President and CTO of Netragard, LLC. Among other things Adriel specializes in the delivery of advanced, high-threat anti-hacking services and covert network penetration methodologies. Prior to founding Netragard Adriel founded the internationally recognized SNOsoft Research Team, which quickly became the think tank for Secure Network Operations, Inc. Today SNOsoft is owned and operated by Netragard LLC. Adriel also has extensive experience and expertise in the design and deployment of sophisticated Intrusion Detection and Intrusion Prevention (IDS/IPS) systems. In early 2002 Adriel designed an IDS/IPS technology with powerful event correlation capabilities capable of accurately identifying real events buried in a high volume of noise. That technology was later acquired by a private third party. As a result of his expertise Adriel has acted as an expert witness in U.S. Federal Court. Today Adriel’s responsibilities at Netragard include but are not limited to the design and management of all of Netragard’s professional services. Adriel’s secondary responsibility is to run and maintain Netragard’s Exploit Acquisition Program (EAP). EAP is designed to acquire bleeding edge, high value research and intelligence from the hacking community.<br />
<br />
=== Brian Weekes ===<br />
'''GMO'''<br/><br />
''Panelist'' <br/><br />
Brian Weekes is an Infrastructure Team Lead at GMO managing the Linux Engineering group with over 14 years of experience in Information Technology. He played a major role in developing the foundation for the market data plant and trading platforms used for quantitative trading and research. Prior to joining GMO, Brian worked at Wyeth as a Senior Systems Architect to build a new infrastructure and migrate scientific discovery research to high performance computing environments on the Linux platform. <br />
<br />
{{2010 BASC:Section Template | Conference Organizers}}<br />
* Conference Organizer<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Program Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
** [mailto:zach.lanier@something.somewhere.com Zach Lanier]<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Sponsorship Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
* Website Editor <br />
** [mailto:neil.smithline@owasp.org Neil Smithline]<br />
<br />
{{2010_BASC:Footer_Template | Speakers}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Sponsors&diff=933512010 BASC Sponsors2010-11-19T20:42:51Z<p>Mark A. Arnold: </p>
<hr />
<div><center><div style="font-size:110%; font-weight:bold;"><br />
We kindly thank our [[2010 BASC Sponsors|sponsors]] for their support. Please help us keep future BASCs free by visiting our sponsors.<br/><br />
</div></center><br />
== Platinum Sponsors (Listed Alphabetically) ==<br />
<center><br />
<br/><br/><br/><br />
[[File:Core_Logo_Final_Word_3_10.png|link=http://www.coresecurity.com//|CORE Security]]<br />
<div style="font-size:150%">Visit [http://www.coresecurity.com CORE Security]</div><br />
<br/><br/><br/><br />
[[File:Rapid7LogoLarge.png|alt=Rapid7|link=http://Rapid7.com|Rapid7]]<br />
<div style="font-size:150%">Visit [http://rapid7.com Rapid7]</div><br />
<br/><br/><br/><br />
[[File:Safelight_logo_large.gif|alt=SafeLight Logo|link=http://safelightsecurity.com|SafeLight Security Advisors]]<br />
<div style="font-size:150%">Visit [http://safelightsecurity.com SafeLight Security Advisors].</div><br />
<br/><br/><br/><br />
[[File:SI-Banner-755x160-v2.jpg|alt=Security Innovation Logo|link=http://securityinnovation.com|Security Innovation]]<br />
<div style="font-size:150%">Visit [http://securityinnovation.com Security Innovation].</div><br />
<br/><br/><br/><br />
[[File:boston-2010-source-500x126.jpg|link=http://www.sourceconference.com/|SOURCE]]<br />
<div style="font-size:150%">Visit [http://www.sourceconference.com/ SOURCE].</div><br />
<br/><br/><br/><br />
</center><br />
== Gold Sponsors (Listed Alphabetically) ==<br />
<center><br />
<br/><br/><br/><br />
[[File:AuricLogo_300x133.png|link=http://www.auricsystems.com|Auric Systems International]]<br />
<div style="font-size:150%">Visit [http://www.auricsystems.com Auric Systems International]</div><br />
<br/><br/><br/><br />
[[File:PAN-TNSC-290x109.jpg|link=http://www.paloaltonetworks.com/|Palo Alto Networks]]<br />
<div style="font-size:150%">Visit [http://www.paloaltonetworks.com/ Palo Alto Networks]</div><br />
<br/><br/><br/><br />
[[File:Whitehatlogo-medium.png|link=http://www.whitehatsec.com|WhiteHat Security]]<br />
<div style="font-size:150%">Visit [http://whitehatsec.com WhiteHat Security]</div><br />
<br/><br/><br/><br />
[[File:AppSecDC-2010-Sponsor-fortifyhp.gif|link=https://www.fortify.com/|Fortify]]<br />
</center><br />
{{2010_BASC:Footer_Template | Sponsors}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Speakers&diff=932902010 BASC Speakers2010-11-18T22:08:35Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Speakers}}<br />
__FORCETOC__<br />
We would like to thank our speakers for donating their time and effort to help make this conference successful.<br />
<br />
=== Josh Corman === <br />
'''The 451 Group'''<br/><br />
Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics. Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html top innovators of IT] for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded [http://rugedsoftware.org RuggedSoftware.org] – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.<br />
<br />
=== Ming Chow ===<br />
'''Tufts University, CS Department'''<br/><br />
Ming Chow is a scholar of science and technology and a Lecturer at the Tufts University Department of Computer Science. His areas of interests are computer security, game development, web application security, and Computer Science in Education. Ming co-edited a special issue of IEEE Security & Privacy on securing online games with Gary McGraw of Cigital, Inc. published in May 2009. Ming is a frequent guest speaker, and have spoke at numerous organizations, including New England Association of Insurance Fraud Investigators (NEAIFI), and the New England Chapter of the High Technology Crime Investigation Association (HTCIA-NE), the Greater Boston Chapter of the Association of Certified Fraud Examiners (ACFE), John Hancock, and the Massachusetts Office of the Attorney General (AGO). Finally, Ming is a SANS GIAC Certified Incident Handler (GCIH).<br />
<br />
=== Andrew Gronosky ===<br />
'''Raytheon/BBN Technologies'''<br/><br />
Mr. Andrew Gronosky is a staff engineer at Raytheon BBN Technologies. He has experience developing software for a variety of applications including data analysis and visualization, digital signal processing, and parallel and distributed systems. He holds a Master of Science degree in mathematics from Rensselaer Polytechnic Institute and is a member of the IEEE and the ACM. <br/><br />
<br />
=== Joshua "Jabra" Abraham, Will Vandevanter ===<br />
'''Rapid7'''<br/><br />
Joshua "Jabra" Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. He has spoken at BlackHat, DefCon, ShmooCon, The SANS Pentest Summit, Infosec World, CSI, OWASP Conferences, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ. He is frequently quoted in the media regarding Microsoft Patch Tuesday and web application security by ComputerWorld, DarkReading and SC Magazine.<br/><br/><br />
Mr. Vandevanter joined Rapid7 in 2008. Will has IT Security experience with a focus in web application security and secure software engineering. Will specializes in penetration testing, web application security assessments, and secure code development. In the past Will has also worked on a few different Open Source security projects including porting SELinux to OpenMoko and other Linux based mobile platforms. Will holds a Bachelors Degree in Mathematics and Computer Science from McGill University and Masters Degree in Computer Science from James Madison University.<br />
<br />
=== Christien Rioux ===<br />
'''SOURCE Conference/Veracode'''<br/><br />
Christien Rioux is co-founder and chief scientist of Veracode, the world's only binary-analysis powered online application risk management service. Prior to Veracode, he was a founder at security consulting firm @stake, a member of the hacker think-tank L0pht Heavy Industries, and a graduate of Massachusetts Institute Of Technology.<br />
Today, he focuses on algorithms to automate the difficult task of reverse-engineering and analyzing binaries for security vulnerabilities.<br />
<br />
=== Paul Schofield ===<br />
'''Imperva'''<br/><br />
With broad business and technical experience ranging from mergers and acquisitions to incident response and investigations, Paul Schofield is a frequent and energetic public speaker.<br />
With over fourteen years of experience in Information Security and Risk Management, his diverse background he brings insightful perspectives to security and risk management discussions.<br />
Paul is currently a Senior Security Engineer with Imperva, an award winning application Security company.<br />
<br />
=== Rob Cheyne ===<br />
'''Safelight Security Advisors'''<br/><br />
Rob was one of a select few at security consulting company @stake who regularly led and conducted full-blown enterprise-level architecture assessments for Fortune 500 companies. Drawing from his experience with dozens of real-world architecture assessments over the past 12 years, and his 20 years as a software developer, architect, and consultant, Rob teaches students to challenge assumptions that frequently lead to long-term security and reliability problems. <br><br />
<br />
=== John Carmichael ===<br />
'''Safelight Security Advisors'''<br/><br />
John Carmichael applies his software security expertise to the creation and delivery of world class security training for some of the world’s largest organizations. At Safelight Security Advisors, he is an integral part of the product team creating best of breed computer-based training courses. Prior to joining Safelight Security Advisors, John was a security trainer and consultant at both Security Innovation and Cigital. His software security experience is rooted in a background of software development with deep expertise in a myriad of languages and environments. He has developed enterprise class software for large organizations such as Massachusetts Executive Office of Health and Human Services and Computer Science Corporation. John earned his B.S. degree in Computer Science and Business Administration from the University of Vermont and an M.S. degree in Computer Information System Security from Boston University.<br />
<br />
=== Dan Crowley ===<br />
'''Core Security'''<br/><br />
Dan Crowley is an independent security researcher and lecturer also working for Core Security Technologies. Dan runs a security education group called CSEC, which is in the process of becoming a hackerspace. In his free time, he can frequently be found playing with Web-based technologies and locks.<br />
=== Kenneth Smith ===<br />
Ken Smith, CISSP, CISA, GCIH is an Enterprise Information Security Architect with 15 years of experience in the information security space. He currently leads efforts related to IT risk management, compliance, and privacy for a private $1B e-Commerce, Catalog, and Retail organization. As a consultant, and former QSA, Ken has an extensive background in PCI DSS and has helped many organizations in the area of strategic planning, assessment, remediation plan development, and security program design. <br/><br />
<br />
=== Zach Lanier ===<br />
'''Intrepidus Group'''<br/><br />
Zach Lanier is a Senior Security Consultant with the Intrepidus Group, a firm specializing in security assessment services. Zach's areas of focus<br />
are network and application penetration testing, intrusion analysis, and general hackery, with frequent dabbling in security and privacy research.<br />
<br />
=== Shakeel Tufail ===<br />
'''Fortify'''<br/><br />
Shakeel Tufail is a Federal Practice Manager at Fortify, an HP company, where his responsibilities include refining customer security requirements, managing Fortify product deployments and delivering security services.<br />
Mr. Tufail brings over 18 years of experience to the IT industry in the areas of network engineering, software development, quality assurance, risk management, and security.<br />
Recently, he led over 30 enterprise security assessments for DoD and Fortune Top 50 commercial organizations that directly led to improvement of their risk profile.<br />
Prior to joining Fortify, Mr. Tufail held positions such as Deputy Program Manager for the Pentagon Force Protection Agency, Managing Partner for Insyte, General Manager of CompUSA, and Lead Release Engineer for AOL Time-Warner’s AOL Instant Messenger development team and HOST Servers QA group.<br />
An active software assurance community member, Mr. Tufail contributes to standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC) and other elements of the Software Assurance Programs of the Department of Homeland Security, NSA, and the Department of Defense. He has accumulated over 25 industry standard certifications and is a member of OWASP, ISACA, ISSA, and IEEE. In his spare time, Shakeel enjoys travel, photography, and technical training at local schools. Recently, he hiked the Himalayas to Mt. Everest basecamp.<br/><br />
<br />
<br />
{{2010 BASC:Section Template | Conference Organizers}}<br />
* Conference Organizer<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Program Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
** [mailto:zach.lanier@something.somewhere.com Zach Lanier]<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Sponsorship Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
* Website Editor <br />
** [mailto:neil.smithline@owasp.org Neil Smithline]<br />
<br />
{{2010_BASC:Footer_Template | Speakers}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Speakers&diff=932892010 BASC Speakers2010-11-18T22:07:21Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Speakers}}<br />
__FORCETOC__<br />
We would like to thank our speakers for donating their time and effort to help make this conference successful.<br />
<br />
=== Josh Corman === <br />
'''The 451 Group'''<br/><br />
Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics. Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html top innovators of IT] for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded [http://rugedsoftware.org RuggedSoftware.org] – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.<br />
<br />
=== Ming Chow ===<br />
'''Tufts University, CS Department'''<br/><br />
Ming Chow is a scholar of science and technology and a Lecturer at the Tufts University Department of Computer Science. His areas of interests are computer security, game development, web application security, and Computer Science in Education. Ming co-edited a special issue of IEEE Security & Privacy on securing online games with Gary McGraw of Cigital, Inc. published in May 2009. Ming is a frequent guest speaker, and have spoke at numerous organizations, including New England Association of Insurance Fraud Investigators (NEAIFI), and the New England Chapter of the High Technology Crime Investigation Association (HTCIA-NE), the Greater Boston Chapter of the Association of Certified Fraud Examiners (ACFE), John Hancock, and the Massachusetts Office of the Attorney General (AGO). Finally, Ming is a SANS GIAC Certified Incident Handler (GCIH).<br />
<br />
=== Andrew Gronosky ===<br />
'''Raytheon/BBN Technologies'''<br/><br />
Mr. Andrew Gronosky is a staff engineer at Raytheon BBN Technologies. He has experience developing software for a variety of applications including data analysis and visualization, digital signal processing, and parallel and distributed systems. He holds a Master of Science degree in mathematics from Rensselaer Polytechnic Institute and is a member of the IEEE and the ACM. <br/><br />
<br />
<br />
=== Joshua "Jabra" Abraham, Will Vandevanter ===<br />
'''Rapid7'''<br/><br />
Joshua "Jabra" Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. He has spoken at BlackHat, DefCon, ShmooCon, The SANS Pentest Summit, Infosec World, CSI, OWASP Conferences, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ. He is frequently quoted in the media regarding Microsoft Patch Tuesday and web application security by ComputerWorld, DarkReading and SC Magazine.<br/><br/><br />
Mr. Vandevanter joined Rapid7 in 2008. Will has IT Security experience with a focus in web application security and secure software engineering. Will specializes in penetration testing, web application security assessments, and secure code development. In the past Will has also worked on a few different Open Source security projects including porting SELinux to OpenMoko and other Linux based mobile platforms. Will holds a Bachelors Degree in Mathematics and Computer Science from McGill University and Masters Degree in Computer Science from James Madison University.<br />
<br />
=== Christien Rioux ===<br />
'''SOURCE Conference/Veracode'''<br/><br />
Christien Rioux is co-founder and chief scientist of Veracode, the world's only binary-analysis powered online application risk management service. Prior to Veracode, he was a founder at security consulting firm @stake, a member of the hacker think-tank L0pht Heavy Industries, and a graduate of Massachusetts Institute Of Technology.<br />
Today, he focuses on algorithms to automate the difficult task of reverse-engineering and analyzing binaries for security vulnerabilities.<br />
<br />
=== Paul Schofield ===<br />
'''Imperva'''<br/><br />
With broad business and technical experience ranging from mergers and acquisitions to incident response and investigations, Paul Schofield is a frequent and energetic public speaker.<br />
With over fourteen years of experience in Information Security and Risk Management, his diverse background he brings insightful perspectives to security and risk management discussions.<br />
Paul is currently a Senior Security Engineer with Imperva, an award winning application Security company.<br />
<br />
=== Rob Cheyne ===<br />
'''Safelight Security Advisors'''<br/><br />
Rob was one of a select few at security consulting company @stake who regularly led and conducted full-blown enterprise-level architecture assessments for Fortune 500 companies. Drawing from his experience with dozens of real-world architecture assessments over the past 12 years, and his 20 years as a software developer, architect, and consultant, Rob teaches students to challenge assumptions that frequently lead to long-term security and reliability problems. <br><br />
<br />
=== John Carmichael ===<br />
'''Safelight Security Advisors'''<br/><br />
John Carmichael applies his software security expertise to the creation and delivery of world class security training for some of the world’s largest organizations. At Safelight Security Advisors, he is an integral part of the product team creating best of breed computer-based training courses. Prior to joining Safelight Security Advisors, John was a security trainer and consultant at both Security Innovation and Cigital. His software security experience is rooted in a background of software development with deep expertise in a myriad of languages and environments. He has developed enterprise class software for large organizations such as Massachusetts Executive Office of Health and Human Services and Computer Science Corporation. John earned his B.S. degree in Computer Science and Business Administration from the University of Vermont and an M.S. degree in Computer Information System Security from Boston University.<br />
<br />
<br />
=== Dan Crowley ===<br />
'''Core Security'''<br/><br />
Dan Crowley is an independent security researcher and lecturer also working for Core Security Technologies. Dan runs a security education group called CSEC, which is in the process of becoming a hackerspace. In his free time, he can frequently be found playing with Web-based technologies and locks.<br />
=== Kenneth Smith ===<br />
Ken Smith, CISSP, CISA, GCIH is an Enterprise Information Security Architect with 15 years of experience in the information security space. He currently leads efforts related to IT risk management, compliance, and privacy for a private $1B e-Commerce, Catalog, and Retail organization. As a consultant, and former QSA, Ken has an extensive background in PCI DSS and has helped many organizations in the area of strategic planning, assessment, remediation plan development, and security program design. <br/><br />
<br />
=== Zach Lanier ===<br />
'''Intrepidus Group'''<br/><br />
Zach Lanier is a Senior Security Consultant with the Intrepidus Group, a firm specializing in security assessment services. Zach's areas of focus<br />
are network and application penetration testing, intrusion analysis, and general hackery, with frequent dabbling in security and privacy research.<br />
<br />
=== Shakeel Tufail ===<br />
'''Fortify'''<br/><br />
Shakeel Tufail is a Federal Practice Manager at Fortify, an HP company, where his responsibilities include refining customer security requirements, managing Fortify product deployments and delivering security services.<br />
Mr. Tufail brings over 18 years of experience to the IT industry in the areas of network engineering, software development, quality assurance, risk management, and security.<br />
Recently, he led over 30 enterprise security assessments for DoD and Fortune Top 50 commercial organizations that directly led to improvement of their risk profile.<br />
Prior to joining Fortify, Mr. Tufail held positions such as Deputy Program Manager for the Pentagon Force Protection Agency, Managing Partner for Insyte, General Manager of CompUSA, and Lead Release Engineer for AOL Time-Warner’s AOL Instant Messenger development team and HOST Servers QA group.<br />
An active software assurance community member, Mr. Tufail contributes to standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC) and other elements of the Software Assurance Programs of the Department of Homeland Security, NSA, and the Department of Defense. He has accumulated over 25 industry standard certifications and is a member of OWASP, ISACA, ISSA, and IEEE. In his spare time, Shakeel enjoys travel, photography, and technical training at local schools. Recently, he hiked the Himalayas to Mt. Everest basecamp.<br/><br />
<br />
<br />
{{2010 BASC:Section Template | Conference Organizers}}<br />
* Conference Organizer<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Program Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
** [mailto:zach.lanier@something.somewhere.com Zach Lanier]<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Sponsorship Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
* Website Editor <br />
** [mailto:neil.smithline@owasp.org Neil Smithline]<br />
<br />
{{2010_BASC:Footer_Template | Speakers}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Presentations&diff=932882010 BASC Presentations2010-11-18T22:02:46Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Presentations}}<br />
__FORCETOC__<br />
We would like to thank our speakers for donating their time and effort to help make this conference successful.<br />
{{2010_BASC:Presentaton_Info_Template|HTML5 Security|Ming Chow|10|10|1}}<br />
The power of HTML5 allows developers to create <br />
web applications not just structured content, but its new features has increased the attack surface. This presentation will demo and discuss new attack opportunities, particularly on client machines, including abusing the offline application cache and SQL injection via file-based client-side databases.<br />
{{2010_BASC:Presentaton_Info_Template|A Crumple Zone for Service Oriented Architectures|Andrew Gronosky|11|11|1}}<br />
We present a new architectural construct analogous to the crumple zone in an automobile. It consists of a layer of intelligent service proxies that work together to provide both signature-based and non-signature based defenses. We present our initial design for Java RMI based services and compare it with web application firewalls.<br />
{{2010_BASC:Presentaton_Info_Template|Hacking SAP BusinessObjects|Joshua Abraham and Will Vandevanter|13|13|1}}<br />
Business intelligence is a multi-billion industry. At the top of the product food chain is BusinessObjects. BusinessObjects is a very widely deployed business intelligence tool that’s focus is in managing, querying, analyzing, and reporting on business data. It is used by government entities (e.g. U.S Air Force), telecom companies (e.g. Verizon), car manufacturers (e.g. Nissan), and beverage companies (e.g. Coors) to retain and control vast amounts of data. If you are a penetration tester chances are you have run into at least one BusinessObjects server during an engagement. Yet, very few vulnerabilities have been publically released and, to the best of the authors knowledge, no white papers have been released on attack methodologies for BusinessObjects itself. In this presentation we will present the entire lifecycle of attacking a BusinessObjects server from external and internal enumeration (e.g. Google dorks), fingerprinting techniques, account enumeration vulnerabilities, specific attack vectors for gaining access to accounts, privilege escalation vulnerabilities, and eventually full system compromise vulnerabilities that we have found during our research. Anyone interesting in attacking an organization that has BusinessObjects or SOA deployed in their environment should attend this talk.<br />
{{2010_BASC:Presentaton_Info_Template|What's Old Is New Again: An Overview of Mobile Application Security|Zach Lanier|14|14|1}}<br />
The ever-increasing prevalence of mobile devices brings with it a slew of security problems. Applications running directly on mobile devices(and web apps optimized for mobile clients) are ripe for the picking even by unsophisticated attackers. The attack classes that once applied to traditional network-facing, fat client, and web applications are now<br />
valid for mobile apps, as well. Insecure authentication and access control; home-grown crypto; and memory management problems are just some of the issues resurfacing on this new frontier. This presentation will discuss the security of some of the most popular applications running on mainstream mobile platforms such as Android, iPhone, Blackberry, and Windows Mobile.<br />
{{2010_BASC:Presentaton_Info_Template|Business Logic Attacks - BATs and BLBs|Paul Schofield|15|15|1}}<br />
Business logic attacks are a set of legal application transactions that are used to carry out a malicious operation that is not part of normal business practices. This presentation will provide a quick introduction to business logic attacks, their unique characteristics and the motivation behind their uptick. . Concluding this session we will discuss using multiple advanced techniques to battle these attacks, rather than relying exclusively on application code<br />
{{2010_BASC:Presentaton_Info_Template|The Exploit Arms Race|Christien Rioux|16|16|1}}<br />
As defenses to exploits have become more sophisticated, so have the attacks required to circumvent them. A historical perspective will be presented, elaborating on the techniques used and the real reason why they were developed. Modern exploit technique has its roots in solving problems for the attacker, resulting in advanced exploits for the following<br />
categories of flaw: Stack Overflows, Heap Overflows, Cross-Site Scripting, SQL Injection, and Path Manipulations. Learn about the roots of techniques like Stack cookies/Stackguard/Run-Time Stack Checking, DEP and ASLR, from attacks like trampolining, return-oriented programming, the evolution of fuzzing techniques, static and dynamic analysis for both attacking software.<br />
{{2010_BASC:Presentaton_Info_Template|OWASP Basics 1 and 2|Robert Cheyne|10|11|2}}<br />
Rob presents a number of scenarios that walk participants through the basics of SQL injection, XSS and CSRF, along with a few other tricks he has up his sleeve. Participants will come away with a foundation for further security learning. Those already knowledgeable on application security issues will learn some new techniques for presenting and teaching this information in a clear, concise and effective manner.<br />
{{2010_BASC:Presentaton_Info_Template|Coffee Shop Warefare:Protecting Yourself in Dark Territory|To Be Determined|13|13|2}}<br />
A lighthearted look at the real threats that people face in personal computing, specifically when connected to unknown network at coffee shops and airports. John will cover many of these threats and discuss tools and best practices everyone can engage in to ensure they protect their machine and information from these risks.<br />
{{2010_BASC:Presentaton_Info_Template|Url Enlargement|Dan Crowley|14|14|2}}<br />
URL shorteners are ubiquitous in today's Internet culture and have a variety of uses for a variety of users. While many have theorized about the security issues and usages involved with URL shortening services (of which there are an impressive number), this talk will aim to demonstrate them, along with interesting statistics such as the percentage of Goatse-equivalent short URLs. Come see what's behind the short URLs: personal documents, parasitic storage, authentication credentials, attacks and more!<br />
{{2010_BASC:Presentaton_Info_Template|Web Applications and Data Tokenization|Kenny Smith|15|15|2}}<br />
Tokenization has become increasingly popular as a method to protect sensitive data and reduce the scope of security requirements such as PCI DSS. Many solutions now integrate directly with web applications, tokenizing data before it ever reaches internal corporate systems. As developers, you may be tasked with integrating tokenization into your applications. If done correctly, this can be a big win for your organization. This talk will cover the types of tokenization solutions, seeing through the marketing hype and vendor claims, and how to avoid some common mistakes that could greatly reduce tokenizations effectiveness. <br />
{{2010_BASC:Presentaton_Info_Template|Open SAMM|Shakeel Tufail|16|16|2}}<br />
SAMM is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, estimate personnel and other costs.<br />
{{2010_BASC:Footer_Template | Presentations}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Speakers&diff=932872010 BASC Speakers2010-11-18T21:57:42Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Speakers}}<br />
__FORCETOC__<br />
We would like to thank our speakers for donating their time and effort to help make this conference successful.<br />
<br />
=== Josh Corman === <br />
'''The 451 Group'''<br/><br />
Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics. Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html top innovators of IT] for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded [http://rugedsoftware.org RuggedSoftware.org] – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.<br />
<br />
=== Ming Chow ===<br />
'''Tufts University, CS Department'''<br/><br />
Ming Chow is a scholar of science and technology and a Lecturer at the Tufts University Department of Computer Science. His areas of interests are computer security, game development, web application security, and Computer Science in Education. Ming co-edited a special issue of IEEE Security & Privacy on securing online games with Gary McGraw of Cigital, Inc. published in May 2009. Ming is a frequent guest speaker, and have spoke at numerous organizations, including New England Association of Insurance Fraud Investigators (NEAIFI), and the New England Chapter of the High Technology Crime Investigation Association (HTCIA-NE), the Greater Boston Chapter of the Association of Certified Fraud Examiners (ACFE), John Hancock, and the Massachusetts Office of the Attorney General (AGO). Finally, Ming is a SANS GIAC Certified Incident Handler (GCIH).<br />
<br />
=== Andrew Gronosky ===<br />
'''Raytheon/BBN Technologies'''<br/><br />
Mr. Andrew Gronosky is a staff engineer at Raytheon BBN Technologies. He has experience developing software for a variety of applications including data analysis and visualization, digital signal processing, and parallel and distributed systems. He holds a Master of Science degree in mathematics from Rensselaer Polytechnic Institute and is a member of the IEEE and the ACM. <br/><br />
<br />
<br />
=== Joshua "Jabra" Abraham, Will Vandevanter ===<br />
'''Rapid7'''<br/><br />
Joshua "Jabra" Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. He has spoken at BlackHat, DefCon, ShmooCon, The SANS Pentest Summit, Infosec World, CSI, OWASP Conferences, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ. He is frequently quoted in the media regarding Microsoft Patch Tuesday and web application security by ComputerWorld, DarkReading and SC Magazine.<br/><br/><br />
Mr. Vandevanter joined Rapid7 in 2008. Will has IT Security experience with a focus in web application security and secure software engineering. Will specializes in penetration testing, web application security assessments, and secure code development. In the past Will has also worked on a few different Open Source security projects including porting SELinux to OpenMoko and other Linux based mobile platforms. Will holds a Bachelors Degree in Mathematics and Computer Science from McGill University and Masters Degree in Computer Science from James Madison University.<br />
<br />
=== Christien Rioux ===<br />
'''SOURCE Conference/Veracode'''<br/><br />
Christien Rioux is co-founder and chief scientist of Veracode, the world's only binary-analysis powered online application risk management service. Prior to Veracode, he was a founder at security consulting firm @stake, a member of the hacker think-tank L0pht Heavy Industries, and a graduate of Massachusetts Institute Of Technology.<br />
Today, he focuses on algorithms to automate the difficult task of reverse-engineering and analyzing binaries for security vulnerabilities.<br />
<br />
=== Paul Schofield ===<br />
'''Imperva'''<br/><br />
With broad business and technical experience ranging from mergers and acquisitions to incident response and investigations, Paul Schofield is a frequent and energetic public speaker.<br />
With over fourteen years of experience in Information Security and Risk Management, his diverse background he brings insightful perspectives to security and risk management discussions.<br />
Paul is currently a Senior Security Engineer with Imperva, an award winning application Security company.<br />
<br />
=== Rob Cheyne ===<br />
'''Safelight Security Advisors'''<br/><br />
Rob was one of a select few at security consulting company @stake who regularly led and conducted full-blown enterprise-level architecture assessments for Fortune 500 companies. Drawing from his experience with dozens of real-world architecture assessments over the past 12 years, and his 20 years as a software developer, architect, and consultant, Rob teaches students to challenge assumptions that frequently lead to long-term security and reliability problems. <br><br />
<br />
=== John Carmichael ===<br />
'''Safelight Security Advisors'''<br/><br />
<br />
=== Dan Crowley ===<br />
'''Core Security'''<br/><br />
Dan Crowley is an independent security researcher and lecturer also working for Core Security Technologies. Dan runs a security education group called CSEC, which is in the process of becoming a hackerspace. In his free time, he can frequently be found playing with Web-based technologies and locks.<br />
=== Kenneth Smith ===<br />
Ken Smith, CISSP, CISA, GCIH is an Enterprise Information Security Architect with 15 years of experience in the information security space. He currently leads efforts related to IT risk management, compliance, and privacy for a private $1B e-Commerce, Catalog, and Retail organization. As a consultant, and former QSA, Ken has an extensive background in PCI DSS and has helped many organizations in the area of strategic planning, assessment, remediation plan development, and security program design. <br/><br />
<br />
=== Zach Lanier ===<br />
'''Intrepidus Group'''<br/><br />
Zach Lanier is a Senior Security Consultant with the Intrepidus Group, a firm specializing in security assessment services. Zach's areas of focus<br />
are network and application penetration testing, intrusion analysis, and general hackery, with frequent dabbling in security and privacy research.<br />
<br />
=== Shakeel Tufail ===<br />
'''Fortify'''<br/><br />
Shakeel Tufail is a Federal Practice Manager at Fortify, an HP company, where his responsibilities include refining customer security requirements, managing Fortify product deployments and delivering security services.<br />
Mr. Tufail brings over 18 years of experience to the IT industry in the areas of network engineering, software development, quality assurance, risk management, and security.<br />
Recently, he led over 30 enterprise security assessments for DoD and Fortune Top 50 commercial organizations that directly led to improvement of their risk profile.<br />
Prior to joining Fortify, Mr. Tufail held positions such as Deputy Program Manager for the Pentagon Force Protection Agency, Managing Partner for Insyte, General Manager of CompUSA, and Lead Release Engineer for AOL Time-Warner’s AOL Instant Messenger development team and HOST Servers QA group.<br />
An active software assurance community member, Mr. Tufail contributes to standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC) and other elements of the Software Assurance Programs of the Department of Homeland Security, NSA, and the Department of Defense. He has accumulated over 25 industry standard certifications and is a member of OWASP, ISACA, ISSA, and IEEE. In his spare time, Shakeel enjoys travel, photography, and technical training at local schools. Recently, he hiked the Himalayas to Mt. Everest basecamp.<br/><br />
<br />
<br />
{{2010 BASC:Section Template | Conference Organizers}}<br />
* Conference Organizer<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Program Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
** [mailto:zach.lanier@something.somewhere.com Zach Lanier]<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Sponsorship Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
* Website Editor <br />
** [mailto:neil.smithline@owasp.org Neil Smithline]<br />
<br />
{{2010_BASC:Footer_Template | Speakers}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Speakers&diff=932862010 BASC Speakers2010-11-18T21:57:04Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Speakers}}<br />
__FORCETOC__<br />
We would like to thank our speakers for donating their time and effort to help make this conference successful and free.<br />
<br />
=== Josh Corman === <br />
'''The 451 Group'''<br/><br />
Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics. Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html top innovators of IT] for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded [http://rugedsoftware.org RuggedSoftware.org] – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.<br />
<br />
=== Ming Chow ===<br />
'''Tufts University, CS Department'''<br/><br />
Ming Chow is a scholar of science and technology and a Lecturer at the Tufts University Department of Computer Science. His areas of interests are computer security, game development, web application security, and Computer Science in Education. Ming co-edited a special issue of IEEE Security & Privacy on securing online games with Gary McGraw of Cigital, Inc. published in May 2009. Ming is a frequent guest speaker, and have spoke at numerous organizations, including New England Association of Insurance Fraud Investigators (NEAIFI), and the New England Chapter of the High Technology Crime Investigation Association (HTCIA-NE), the Greater Boston Chapter of the Association of Certified Fraud Examiners (ACFE), John Hancock, and the Massachusetts Office of the Attorney General (AGO). Finally, Ming is a SANS GIAC Certified Incident Handler (GCIH).<br />
<br />
=== Andrew Gronosky ===<br />
'''Raytheon/BBN Technologies'''<br/><br />
Mr. Andrew Gronosky is a staff engineer at Raytheon BBN Technologies. He has experience developing software for a variety of applications including data analysis and visualization, digital signal processing, and parallel and distributed systems. He holds a Master of Science degree in mathematics from Rensselaer Polytechnic Institute and is a member of the IEEE and the ACM. <br/><br />
<br />
<br />
=== Joshua "Jabra" Abraham, Will Vandevanter ===<br />
'''Rapid7'''<br/><br />
Joshua "Jabra" Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. He has spoken at BlackHat, DefCon, ShmooCon, The SANS Pentest Summit, Infosec World, CSI, OWASP Conferences, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ. He is frequently quoted in the media regarding Microsoft Patch Tuesday and web application security by ComputerWorld, DarkReading and SC Magazine.<br/><br/><br />
Mr. Vandevanter joined Rapid7 in 2008. Will has IT Security experience with a focus in web application security and secure software engineering. Will specializes in penetration testing, web application security assessments, and secure code development. In the past Will has also worked on a few different Open Source security projects including porting SELinux to OpenMoko and other Linux based mobile platforms. Will holds a Bachelors Degree in Mathematics and Computer Science from McGill University and Masters Degree in Computer Science from James Madison University.<br />
<br />
=== Christien Rioux ===<br />
'''SOURCE Conference/Veracode'''<br/><br />
Christien Rioux is co-founder and chief scientist of Veracode, the world's only binary-analysis powered online application risk management service. Prior to Veracode, he was a founder at security consulting firm @stake, a member of the hacker think-tank L0pht Heavy Industries, and a graduate of Massachusetts Institute Of Technology.<br />
Today, he focuses on algorithms to automate the difficult task of reverse-engineering and analyzing binaries for security vulnerabilities.<br />
<br />
=== Paul Schofield ===<br />
'''Imperva'''<br/><br />
With broad business and technical experience ranging from mergers and acquisitions to incident response and investigations, Paul Schofield is a frequent and energetic public speaker.<br />
With over fourteen years of experience in Information Security and Risk Management, his diverse background he brings insightful perspectives to security and risk management discussions.<br />
Paul is currently a Senior Security Engineer with Imperva, an award winning application Security company.<br />
<br />
=== Rob Cheyne ===<br />
'''Safelight Security Advisors'''<br/><br />
Rob was one of a select few at security consulting company @stake who regularly led and conducted full-blown enterprise-level architecture assessments for Fortune 500 companies. Drawing from his experience with dozens of real-world architecture assessments over the past 12 years, and his 20 years as a software developer, architect, and consultant, Rob teaches students to challenge assumptions that frequently lead to long-term security and reliability problems. <br><br />
<br />
=== John Carmichael ===<br />
'''Safelight Security Advisors'''<br/><br />
<br />
=== Dan Crowley ===<br />
'''Core Security'''<br/><br />
Dan Crowley is an independent security researcher and lecturer also working for Core Security Technologies. Dan runs a security education group called CSEC, which is in the process of becoming a hackerspace. In his free time, he can frequently be found playing with Web-based technologies and locks.<br />
=== Kenneth Smith ===<br />
Ken Smith, CISSP, CISA, GCIH is an Enterprise Information Security Architect with 15 years of experience in the information security space. He currently leads efforts related to IT risk management, compliance, and privacy for a private $1B e-Commerce, Catalog, and Retail organization. As a consultant, and former QSA, Ken has an extensive background in PCI DSS and has helped many organizations in the area of strategic planning, assessment, remediation plan development, and security program design. <br/><br />
<br />
=== Zach Lanier ===<br />
'''Intrepidus Group'''<br/><br />
Zach Lanier is a Senior Security Consultant with the Intrepidus Group, a firm specializing in security assessment services. Zach's areas of focus<br />
are network and application penetration testing, intrusion analysis, and general hackery, with frequent dabbling in security and privacy research.<br />
<br />
=== Shakeel Tufail ===<br />
'''Fortify'''<br/><br />
Shakeel Tufail is a Federal Practice Manager at Fortify, an HP company, where his responsibilities include refining customer security requirements, managing Fortify product deployments and delivering security services.<br />
Mr. Tufail brings over 18 years of experience to the IT industry in the areas of network engineering, software development, quality assurance, risk management, and security.<br />
Recently, he led over 30 enterprise security assessments for DoD and Fortune Top 50 commercial organizations that directly led to improvement of their risk profile.<br />
Prior to joining Fortify, Mr. Tufail held positions such as Deputy Program Manager for the Pentagon Force Protection Agency, Managing Partner for Insyte, General Manager of CompUSA, and Lead Release Engineer for AOL Time-Warner’s AOL Instant Messenger development team and HOST Servers QA group.<br />
An active software assurance community member, Mr. Tufail contributes to standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC) and other elements of the Software Assurance Programs of the Department of Homeland Security, NSA, and the Department of Defense. He has accumulated over 25 industry standard certifications and is a member of OWASP, ISACA, ISSA, and IEEE. In his spare time, Shakeel enjoys travel, photography, and technical training at local schools. Recently, he hiked the Himalayas to Mt. Everest basecamp.<br/><br />
<br />
<br />
{{2010 BASC:Section Template | Conference Organizers}}<br />
* Conference Organizer<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Program Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
** [mailto:zach.lanier@something.somewhere.com Zach Lanier]<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Sponsorship Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
* Website Editor <br />
** [mailto:neil.smithline@owasp.org Neil Smithline]<br />
<br />
{{2010_BASC:Footer_Template | Speakers}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Homepage&diff=932852010 BASC Homepage2010-11-18T21:20:26Z<p>Mark A. Arnold: </p>
<hr />
<div>[[File:Boston-Banner-468x60.gif|right]]<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
{{2010_BASC:Header_Template | Welcome}}<br />
This is the homepage for the 2010 Boston Application Security Conference (BASC). This free conference will take place on Saturday, November 20<sup>th</sup> at [http://microsoftcambridge.com/Default.aspx Microsoft New England Research and Development Center (NERD)].<br />
<br />
The BASC will be a free, one day, informal conference, aimed at increasing awareness and knowledge of application security in the greater Boston area. While many of the presentations will cover state-of-the-art application security concepts, the BASC is intended to appeal to a wide-array of attendees. Application security professionals, professional software developers, software quality engineers, computer science students, and security software vendors should be able to come to the BASC, learn, and hopefully enjoy themselves at the same time.<br />
<br />
{{2010 BASC:Section Template | The Details}}<br />
* Date: Saturday, November 20<sup>th</sup>, 2010<br />
* Time: 8:00 AM - 7:00 PM<br />
* Location: [http://microsoftcambridge.com/Default.aspx NERD]<br />
* Directions: [http://microsoftcambridge.com/About/Directions/tabid/89/Default.aspx NERD's website] or [http://maps.google.com/places/us/ma/cambridge/memorial-dr/1/-microsoft-new-england-research-and-development-center?hl=en&gl=us Google Maps]<br />
* Registration: [http://basc2010.eventbrite.com/ Online registration]<br />
* Agenda: [[2010_BASC_Agenda | Agenda]]<br />
* Speakers Details: [[2010_BASC_Speakers | Speakers]]<br />
* Presentation Details: [[2010_BASC_Presentations | Presentations]]<br />
* Call for papers: [[2010_BASC_Call_For_Papers | 2010 BASC CALL FOR PAPERS]]<br />
<br />
{{2010 BASC:Section Template | Registration}}<br />
Admission to the BASC is free but registration is required for breakfast, lunch, and the evening social time. We will do everything possible to accommodate late registrants but the facility and food are limited. [http://basc2010.eventbrite.com/ Online registration] is now open and you are encouraged to register early.<br />
<br />
{{2010 BASC:Section Template | Call For Papers}}<br />
We are accepting presentation proposals. If you are interested in being a presenter at the 2010 BASC, you can read the complete [[2010_BASC_Call_For_Papers | 2010 BASC CALL FOR PAPERS]].<br />
<br />
{{2010_BASC:Footer_Template | Welcome}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Speakers&diff=932412010 BASC Speakers2010-11-18T20:16:28Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Speakers}}<br />
__FORCETOC__<br />
We would like to thank our speakers for donating their time and effort to help make this conference successful and free.<br />
<br />
=== Josh Corman (The 451 Group) === <br />
Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics.<br />
<br/><br/><br />
Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html top innovators of IT] for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded [http://rugedsoftware.org RuggedSoftware.org] – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.<br />
<br />
=== Ming Chow (Tufts University, CS Department) ===<br />
Ming Chow is a scholar of science and technology and a Lecturer at the Tufts University Department of Computer Science. His areas of interests are computer security, game development, web application security, and Computer Science in Education. Ming co-edited a special issue of IEEE Security & Privacy on securing online games with Gary McGraw of Cigital, Inc. published in May 2009. Ming is a frequent guest speaker, and have spoke at numerous organizations, including New England Association of Insurance Fraud Investigators (NEAIFI), and the New England Chapter of the High Technology Crime Investigation Association (HTCIA-NE), the Greater Boston Chapter of the Association of Certified Fraud Examiners (ACFE), John Hancock, and the Massachusetts Office of the Attorney General (AGO). Finally, Ming is a SANS GIAC Certified Incident Handler (GCIH).<br />
'''HTML5 Security'''<br/><br />
The power of HTML5 allows developers to create <br />
web applications not just structured content, but its new features has increased the attack surface. This presentation will demo and discuss new attack opportunities, particularly on client machines, including abusing the offline application cache and SQL injection via file-based client-side databases.<br />
<br />
=== Andrew Gronosky (Raytheon/BBN Technologies) ===<br />
Mr. Andrew Gronosky is a staff engineer at Raytheon BBN Technologies. He has experience developing software for a variety of applications including data analysis and visualization, digital signal processing, and parallel and distributed systems. He holds a Master of Science degree in mathematics from Rensselaer Polytechnic Institute and is a member of the IEEE and the ACM. <br/><br />
'''A Crumple Zone for Service-Oriented Architectures'''<br/><br />
We present a new architectural construct analogous to the crumple zone in an automobile. It consists of a layer of intelligent service proxies that work together to provide both signature-based and non-signature based defenses. We present our initial design <br />
for Java RMI based services and compare it with web application firewalls.<br />
<br />
=== Joshua "Jabra" Abraham, Will Vandevanter (Rapid7) ===<br />
Joshua "Jabra" Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. He has spoken at BlackHat, DefCon, ShmooCon, The SANS Pentest Summit, Infosec World, CSI, OWASP Conferences, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ. He is frequently quoted in the media regarding Microsoft Patch Tuesday and web application security by ComputerWorld, DarkReading and SC Magazine.<br/><br />
Mr. Vandevanter joined Rapid7 in 2008. Will has IT Security experience with a focus in web application security and secure software engineering. Will specializes in penetration testing, web application security assessments, and secure code development. In the past Will has also worked on a few different Open Source security projects including porting SELinux to OpenMoko and other Linux based mobile platforms. Will holds a Bachelors Degree in Mathematics and Computer Science from McGill University and Masters Degree in Computer Science from James Madison University.<br><br />
'''Hacking SAP BusinessObjects'''<br/><br />
Business intelligence is a multi-billion industry. At the top of the product food chain is BusinessObjects. BusinessObjects is a very widely deployed business intelligence tool that’s focus is in managing, querying, analyzing, and reporting on business data. It is used by government entities (e.g. U.S Air Force), telecom companies (e.g. Verizon), car manufacturers (e.g. Nissan), and beverage companies (e.g. Coors) to retain and control vast amounts of data. If you are a penetration tester chances are you have run into at least one BusinessObjects server during an engagement. Yet, very few vulnerabilities have been publically released and, to the best of the authors knowledge, no white papers have been released on attack methodologies for BusinessObjects itself. In this presentation we will present the entire lifecycle of attacking a BusinessObjects server from external and internal enumeration (e.g. Google dorks), fingerprinting techniques, account enumeration vulnerabilities, specific attack vectors for gaining access to accounts, privilege escalation vulnerabilities, and eventually full system compromise vulnerabilities that we have found during our research. Anyone interesting in attacking an organization that has BusinessObjects or SOA deployed in their environment should attend this talk.<br />
<br />
=== Christien Rioux (SOURCE Conference) ===<br />
Christien Rioux is co-founder and chief scientist of Veracode, the world's only binary-analysis powered online application risk management service. Prior to Veracode, he was a founder at security consulting firm @stake, a member of the hacker think-tank L0pht Heavy Industries, and a graduate of Massachusetts Institute Of Technology.<br />
Today, he focuses on algorithms to automate the difficult task of reverse-engineering and analyzing binaries for security vulnerabilities.<br/><br />
'''The Exploit Arms Race'''<br/><br />
As defenses have become more sophisticated, so have the attacks required to circumvent them. Learn about the roots of techniques like Stack cookies/Stackguard/Run-Time<br />
Stack Checking, DEP and ASLR, from attacks like trampolining,<br />
return-oriented programming, the evolution of fuzzing techniques, static and dynamic analysis for attacking and defending software.<br />
<br />
=== Paul Schofield (Imperva) ===<br />
With broad business and technical experience ranging from mergers and acquisitions to incident response and investigations, Paul Schofield is a frequent and energetic public speaker.<br />
With over fourteen years of experience in Information Security and Risk Management, his diverse background he brings insightful perspectives to security and risk management discussions.<br />
Paul is currently a Senior Security Engineer with Imperva, an award winning application Security company.<br/><br />
'''Business Logic Attacks – BATs and BLBs'''<br><br />
Business logic attacks are a set of legal application transactions that are used to carry out a malicious operation that is not part of normal business practices. This presentation will provide a quick introduction to business logic attacks, their unique characteristics and the motivation behind their uptick. Concluding this session we will discuss using multiple advanced techniques to battle these attacks, rather than relying exclusively on application code.<br />
<br />
=== Rob Cheyne (CEO, Safelight Security Advisors) ===<br />
Rob was one of a select few at security consulting company @stake who regularly led and conducted full-blown enterprise-level architecture assessments for Fortune 500 companies. Drawing from his experience with dozens of real-world architecture assessments over the past 12 years, and his 20 years as a software developer, architect, and consultant, Rob teaches students to challenge assumptions that frequently lead to long-term security and reliability problems. <br><br />
'''OWASP Basics 1 and 2'''<br><br />
Rob presents a number of scenarios that walk participants through the basics of SQL injection, XSS and CSRF, along with a few other tricks he has up his sleeve. Participants will come away with a foundation for further security learning. Those already knowledgeable on application security issues will learn some new techniques for presenting and teaching this information in a clear, concise and effective manner.<br />
<br />
=== John Carmichael (Safelight Security Advisors) ===<br />
'''Coffee Shop Warfare: Protecting Yourself in Dark Territory'''<br/><br />
A lighthearted look at the real threats that people face in personal computing, specifically when connected to unknown network at coffee shops and airports. John will cover many of these threats and discuss tools and best practices everyone can engage in to ensure they protect their machine and information from these risks. <br />
<br />
=== Dan Crowley (Core Security)===<br />
'''URL Enlargement'''<br/><br />
URL shorteners are ubiquitous in today's Internet culture. This talk will aim to demonstrate them. Come see what's behind the short URLs: personal documents, parasitic storage, authentication credentials, attacks and more!<br />
<br />
=== Kenneth Smith ===<br />
Ken Smith, CISSP, CISA, GCIH is an Enterprise Information Security Architect with 15 years of experience in the information security space. He currently leads efforts related to IT risk management, compliance, and privacy for a private $1B e-Commerce, Catalog, and Retail organization. As a consultant, and former QSA, Ken has an extensive background in PCI DSS and has helped many organizations in the area of strategic planning, assessment, remediation plan development, and security program design. <br/><br />
'''Web Applications and Data Tokenization'''<br/><br />
Tokenization has become increasingly popular as a method to protect sensitive data and reduce the scope of security requirements such as PCI DSS. Many solutions now integrate directly with web applications, tokenizing data before it ever reaches internal corporate systems. As developers, you may be tasked with integrating tokenization into your applications. If done correctly, this can be a big win for your organization. This talk will cover the types of tokenization solutions, seeing through the marketing hype and vendor claims, and how to avoid some common mistakes that could greatly reduce tokenizations effectiveness.<br />
<br />
=== Zach Lanier (Intrepidus) ===<br />
Zach Lanier is a Senior Security Consultant with the Intrepidus Group, a<br />
firm specializing in security assessment services. Zach's areas of focus<br />
are network and application penetration testing, intrusion analysis, and<br />
general hackery, with frequent dabbling in security and privacy<br />
research.<br/><br />
'''What's Old Is New Again: An Overview of Mobile Application Security'''<br/><br />
The ever-increasing prevalence of mobile devices brings with it a slew<br />
of security problems. Applications running directly on mobile devices<br />
(and web apps optimized for mobile clients) are ripe for the picking<br />
even by unsophisticated attackers. The attack classes that once applied<br />
to traditional network-facing, fat client, and web applications are now<br />
valid for mobile apps, as well. Insecure authentication and access<br />
control; home-grown crypto; and memory management problems are just some<br />
of the issues resurfacing on this new frontier. This presentation will<br />
discuss the security of some of the most popular applications running on<br />
mainstream mobile platforms such as Android, iPhone, Blackberry, and<br />
Windows Mobile.<br />
<br />
=== Shakeel Tufail (Fortify) ===<br />
Shakeel Tufail is a Federal Practice Manager at Fortify, an HP company, where his responsibilities include refining customer security requirements, managing Fortify product deployments and delivering security services.<br />
Mr. Tufail brings over 18 years of experience to the IT industry in the areas of network engineering, software development, quality assurance, risk management, and security.<br />
Recently, he led over 30 enterprise security assessments for DoD and Fortune Top 50 commercial organizations that directly led to improvement of their risk profile.<br />
Prior to joining Fortify, Mr. Tufail held positions such as Deputy Program Manager for the Pentagon Force Protection Agency, Managing Partner for Insyte, General Manager of CompUSA, and Lead Release Engineer for AOL Time-Warner’s AOL Instant Messenger development team and HOST Servers QA group.<br />
An active software assurance community member, Mr. Tufail contributes to standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC) and other elements of the Software Assurance Programs of the Department of Homeland Security, NSA, and the Department of Defense. He has accumulated over 25 industry standard certifications and is a member of OWASP, ISACA, ISSA, and IEEE.<br />
In his spare time, Shakeel enjoys travel, photography, and technical training at local schools. Recently, he hiked the Himalayas to Mt. Everest basecamp.<br/><br />
'''Open SAMM (Security Assurance Maturity Model)'''<br/><br />
SAMM is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, estimate personnel and other costs.<br />
<br />
<br />
{{2010 BASC:Section Template | Conference Organizers}}<br />
* Conference Organizer<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Program Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
** [mailto:zach.lanier@something.somewhere.com Zach Lanier]<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Sponsorship Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
* Website Editor <br />
** [mailto:neil.smithline@owasp.org Neil Smithline]<br />
<br />
{{2010_BASC:Footer_Template | Speakers}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Agenda&diff=930922010 BASC Agenda2010-11-16T19:28:21Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Agenda}}<br />
<!-- --------------------------------------------------------------------<br />
INSTRUCTIONS FOR EDITORS:<br />
<br />
Updating this agenda is a 3-step process. First you must convert the existing entries to the<br />
new format. You can do these one at a time or all at once. Whatever is easiest. Second, you need to<br />
fill in the data for the presentation. Third, miscellaneous details should be cleaned up.<br />
<br />
1) To convert a presentation to the new format:<br />
- Most importantly, look at the 10:00 time slot and use it as an example.<br />
- Find the time slot you want to modify.<br />
- If it already has the Presentation Agenda Template then you are done<br />
- Copy: {{2010_BASC:Presentaton_Agenda_Template|TYPE|To Be Determined Presentation|To Be Determined}}<br />
- Delete the text that is in the time slot already. This requires great care.<br />
You probably want to delete the lines that do not begin with a <br />
pipe (|) or an open curly ({).<br />
- Paste the text you copied into that time slot.<br />
- Replace the word "TYPE" with either "Presentation" or "Keynote"<br />
<br />
2) To fill in the appropriate data:<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Presentations and add<br />
the presentation's abstract. If you don't have an abstract,<br />
insert "Presentation abstract will be available shortly."<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Speakers and add the speaker(s) bio.<br />
If you don't have bio information, just put the speaker's name into the page and <br />
and make their bio "Speaker information will be available shortly."<br />
Until it presents a problem, list multiple speakers as one.<br />
For example, "John Boy & Grandpa".<br />
- Find the right slot in the table.<br />
- Replace the "To Be Determined Presentation" text in the table<br />
with the presentation name __EXACTLY__ as it is on the presentation page.<br />
- Replace the "To Be Determined" text in the table<br />
with the speaker(s) name(s) __EXACTLY__ as it is on the bio page.<br />
<br />
3) Clean up whatever needs cleaning up.<br />
<br />
-------------------------------------------------------------------- --><br />
{| style="width:80%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#7B8ABD; color:white" |<br />
<br />
<h2>Saturday, November 20</h2> <br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 8:00-9:00 || colspan="2" style="width:80%; background:#D2D2D2" align="center" | <br />
<div><br />
<span style="font-size:130%">'''Breakfast and Registration'''</span><br/><br />
provided by our Platinum Sponsor<br />
</div><br />
{| border="1"<br />
| [[File:Rapid7LogoSmall.png|300px|link=http://www.rapid7.com|Rapid7]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 09:00-09:50 || colspan="2" style="width:80%; background:#B0B0B0;" align="center" | <br />
<div style="margin:10px;"><br />
<span style="font-size: 130%">'''[[2010_BASC_Presentations#Keynote|Keynote: From the Era of Vulnerabiquity to the Rugged Age]]'''</span><br/><br />
<span style="font-size: 120%">[[2010_BASC_Speakers#Josh Corman|Josh Corman]]</span><br/><br />
</div><br />
|-<br />
| style="width:10%; background:#9BA8CF" | || align="center" style="width:30%; background:#CFA49B" | '''Track 1'''<br/>Horace Mann Room<br />
| align="center" style="width:30%; background:#DFC799;" | '''Track 2'''<br/>Deborah Sampson / Paul Thomas Room<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 10:00-10:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|HTML5 Security|Ming Chow}}<br />
| style="width:30%; background:#BCA57A" align="center" rowspan="2" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 11:00-11:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|A Crumple Zone for Service Oriented Architectures|Andrew Gronosky}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 12:00-13:00 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | <br />
<span style="font-size:130%">'''Lunch'''</span><br/><br />
provided by our platinum sponsor<br />
{| border="1"<br />
|[[File:SI-Banner-238x57.jpg|link=http://www.securityinnovation.com|Security Innovation]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 13:00-13:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Hacking SAP BusinessObjects|Joshua Abraham and Will Vandevanter}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Coffee Shop Warfare:Protecting Yourself in Dark Territory|John Carmichael}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 14:00-14:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|*Talk Just Added* -TBA|TBA}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Url Enlargement|Dan Crowley}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 15:00-15:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Business Logic Attacks - BATs and BLBs|Paul Schofield}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Web Applications and Data Tokenization|Kenny Smith}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 16:00-16:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|The Exploit Arms Race|Christien Rioux}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Open SAMM|Shakeel Tufail}}<br />
|-<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:00-17:30 || colspan="2" style="width:30%; background:#C2C2C2" align="center" | <br />
<span style="font-size:130%">'''Social Time'''</span><br/><br />
provided by our platinum sponsor<br />
{| border="1"<br />
| [[File:boston-2010-source-277x70.jpg|link=http://www.sourceconference.com|SOURCE]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:30-18:30 || colspan="2" style="width:30%; background:#D2D2D2" align="center" | <br />
<span style="font-size:130%">'''Expert Panel: Will we ''EVER'' be Secure?'''</span><br><br />
''<br />
Moderator:[http://authorurl.com Rob Cheyne], CEO, Safelight Security Advisors<br><br />
Panelist:[http://authorurl.com Josh Corman], Security Analyst, The 451 Group <br><br />
Panelist:[http://authorurl.com Justin Peavey], CISO, Omgeo <br><br />
Panelist:[http://authorurl.com Brian Weekes], Linux Infrastructure Lead, GMO<br><br />
Panelist:[http://authorurl.com Adriel DeSautels], CTO, NetRagard<br><br />
Panelist:[http://authorurl.com Shakeel Tufail], Security Analyst, Fortify<br><br />
<br />
<br />
''<br><br />
<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 18:30-19:00 || colspan="2" style="width:30%; background:#99FF99" align="center" | <br />
<span style="font-size:130%">'''Wrap Up'''</span><br><br />
|}<br />
{{2010_BASC:Footer_Template | Agenda}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Agenda&diff=930712010 BASC Agenda2010-11-16T18:36:29Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Agenda}}<br />
<!-- --------------------------------------------------------------------<br />
INSTRUCTIONS FOR EDITORS:<br />
<br />
Updating this agenda is a 3-step process. First you must convert the existing entries to the<br />
new format. You can do these one at a time or all at once. Whatever is easiest. Second, you need to<br />
fill in the data for the presentation. Third, miscellaneous details should be cleaned up.<br />
<br />
1) To convert a presentation to the new format:<br />
- Most importantly, look at the 10:00 time slot and use it as an example.<br />
- Find the time slot you want to modify.<br />
- If it already has the Presentation Agenda Template then you are done<br />
- Copy: {{2010_BASC:Presentaton_Agenda_Template|TYPE|To Be Determined Presentation|To Be Determined}}<br />
- Delete the text that is in the time slot already. This requires great care.<br />
You probably want to delete the lines that do not begin with a <br />
pipe (|) or an open curly ({).<br />
- Paste the text you copied into that time slot.<br />
- Replace the word "TYPE" with either "Presentation" or "Keynote"<br />
<br />
2) To fill in the appropriate data:<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Presentations and add<br />
the presentation's abstract. If you don't have an abstract,<br />
insert "Presentation abstract will be available shortly."<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Speakers and add the speaker(s) bio.<br />
If you don't have bio information, just put the speaker's name into the page and <br />
and make their bio "Speaker information will be available shortly."<br />
Until it presents a problem, list multiple speakers as one.<br />
For example, "John Boy & Grandpa".<br />
- Find the right slot in the table.<br />
- Replace the "To Be Determined Presentation" text in the table<br />
with the presentation name __EXACTLY__ as it is on the presentation page.<br />
- Replace the "To Be Determined" text in the table<br />
with the speaker(s) name(s) __EXACTLY__ as it is on the bio page.<br />
<br />
3) Clean up whatever needs cleaning up.<br />
<br />
-------------------------------------------------------------------- --><br />
{| style="width:80%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#7B8ABD; color:white" |<br />
<br />
<h2>Saturday, November 20</h2> <br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 8:00-9:00 || colspan="2" style="width:80%; background:#D2D2D2" align="center" | <br />
<div><br />
<span style="font-size:130%">'''Breakfast and Registration'''</span><br/><br />
provided by our Platinum Sponsor<br />
</div><br />
{| border="1"<br />
| [[File:Rapid7LogoSmall.png|300px|link=http://www.rapid7.com|Rapid7]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 09:00-09:50 || colspan="2" style="width:80%; background:#B0B0B0;" align="center" | <br />
<div style="margin:10px;"><br />
<span style="font-size: 130%">'''[[2010_BASC_Presentations#Keynote|Keynote: From the Era of Vulnerabiquity to the Rugged Age]]'''</span><br/><br />
<span style="font-size: 120%">[[2010_BASC_Speakers#Josh Corman|Josh Corman]]</span><br/><br />
</div><br />
|-<br />
| style="width:10%; background:#9BA8CF" | || align="center" style="width:30%; background:#CFA49B" | '''Track 1'''<br/>Horace Mann Room<br />
| align="center" style="width:30%; background:#DFC799;" | '''Track 2'''<br/>Deborah Sampson / Paul Thomas Room<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 10:00-10:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|HTML5 Security|Ming Chow}}<br />
| style="width:30%; background:#BCA57A" align="center" rowspan="2" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 11:00-11:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|A Crumple Zone for Service Oriented Architectures|Andrew Gronosky}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 12:00-13:00 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | <br />
<span style="font-size:130%">'''Lunch'''</span><br/><br />
provided by our platinum sponsor<br />
{| border="1"<br />
|[[File:SI-Banner-238x57.jpg|link=http://www.securityinnovation.com|Security Innovation]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 13:00-13:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Hacking SAP BusinessObjects|Joshua Abraham and Will Vandevanter}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Coffee Shop Warfare:Protecting Yourself in Dark Territory|John Carmichael}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 14:00-14:50 || style="width:30%; background:#CFA49B" align="center" | <br />
<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Url Enlargement|Dan Crowley}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 15:00-15:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Business Logic Attacks - BATs and BLBs|Paul Schofield}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Web Applications and Data Tokenization|Kenny Smith}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 16:00-16:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|The Exploit Arms Race|Christien Rioux}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Open SAMM|Shakeel Tufail}}<br />
|-<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:00-17:30 || colspan="2" style="width:30%; background:#C2C2C2" align="center" | <br />
<span style="font-size:130%">'''Social Time'''</span><br/><br />
provided by our platinum sponsor<br />
{| border="1"<br />
| [[File:boston-2010-source-277x70.jpg|link=http://www.sourceconference.com|SOURCE]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:30-18:30 || colspan="2" style="width:30%; background:#D2D2D2" align="center" | <br />
<span style="font-size:130%">'''Expert Panel: Will we ''EVER'' be Secure?'''</span><br><br />
''<br />
Moderator:[http://authorurl.com Rob Cheyne], CEO, Safelight Security Advisors<br><br />
Panelist:[http://authorurl.com Josh Corman], Security Analyst, The 451 Group <br><br />
Panelist:[http://authorurl.com Justin Peavey], CISO, Omgeo <br><br />
Panelist:[http://authorurl.com Brian Weekes], Linux Infrastructure Lead, GMO<br><br />
Panelist:[http://authorurl.com Adriel DeSautels], CTO, NetRagard<br><br />
Panelist:[http://authorurl.com Shakeel Tufail], Security Analyst, Fortify<br><br />
<br />
<br />
''<br><br />
<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 18:30-19:00 || colspan="2" style="width:30%; background:#99FF99" align="center" | <br />
<span style="font-size:130%">'''Wrap Up'''</span><br><br />
|}<br />
{{2010_BASC:Footer_Template | Agenda}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Speakers&diff=930002010 BASC Speakers2010-11-15T17:32:52Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Speakers}}<br />
__FORCETOC__<br />
We would like to thank our speakers for donating their time and effort to help make this conference successful and free.<br />
<br />
=== Josh Corman (The 451 Group) === <br />
Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics.<br />
<br />
Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html top innovators of IT] for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded [http://rugedsoftware.org RuggedSoftware.org] – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.<br />
<br />
=== Ming Chow (Tufts University, CS Department) ===<br />
'''HTML5 Security'''<br/><br />
The power of HTML5 allows developers to create <br />
web applications not just structured content, but its new features has increased the attack surface. This presentation will demo and discuss new attack opportunities, particularly on client machines, including abusing the offline application cache and SQL injection via file-based client-side databases.<br />
<br />
=== Andrew Gronosky (Raytheon/BBN Technologies) ===<br />
'''A Crumple Zone for Service-Oriented Architectures'''<br/><br />
We present a new architectural construct analogous to the crumple zone in an automobile. It consists of a layer of intelligent service proxies that work together to provide both signature-based and non-signature based defenses. We present our initial design <br />
for Java RMI based services and compare it with web application firewalls.<br />
<br />
=== Joshua "Jabra" Abraham, Will Vandevanter (Rapid7) ===<br />
'''Hacking SAP BusinessObjects'''<br/><br />
BusinessObjects is a very widely deployed business intelligence tool. In this presentation we will present the entire lifecycle of attacking a BusinessObjects server using vulnerabilities that we have found during our research.<br />
<br />
=== Christien Rioux (SOURCE Conference) ===<br />
'''The Exploit Arms Race'''<br/><br />
As defenses have become more sophisticated, so have the attacks required to circumvent them. Learn about the roots of techniques like Stack cookies/Stackguard/Run-Time<br />
Stack Checking, DEP and ASLR, from attacks like trampolining,<br />
return-oriented programming, the evolution of fuzzing techniques, static and dynamic analysis for attacking and defending software.<br />
<br />
=== Paul Schofield (Imperva) ===<br />
'''Business Logic Attacks – BATs and BLBs'''<br/><br />
Business logic attacks are a set of legal application transactions that are used to carry out a malicious operation that is not part of normal business practices. This presentation will provide a quick introduction to business logic attacks, their unique characteristics and the motivation behind their uptick. Concluding this session we will discuss using multiple advanced techniques to battle these attacks, rather than relying exclusively on application code.<br />
<br />
=== Rob Cheyne (Safelight Security Advisors) ===<br />
'''OWASP Basics 1 and 2'''<br/><br />
Rob presents a number of scenarios that walk participants through the basics of SQL injection, XSS and CSRF, along with a few other tricks he has up his sleeve. Participants will come away with a foundation for further security learning. Those already knowledgeable on application security issues will learn some new techniques for presenting and teaching this information in a clear, concise and effective manner.<br />
<br />
=== John Carmichael (Safelight Security Advisors) ===<br />
'''Coffee Shop Warfare: Protecting Yourself in Dark Territory'''<br/><br />
A lighthearted look at the real threats that people face in personal computing, specifically when connected to unknown network at coffee shops and airports. John will cover many of these threats and discuss tools and best practices everyone can engage in to ensure they protect their machine and information from these risks. <br />
<br />
=== Dan Crowley (Core Security)===<br />
'''URL Enlargement'''<br/><br />
URL shorteners are ubiquitous in today's Internet culture. This talk will aim to demonstrate them. Come see what's behind the short URLs: personal documents, parasitic storage, authentication credentials, attacks and more!<br />
<br />
=== Kenneth Smith ===<br />
'''Web Applications and Data Tokenization'''<br/><br />
Tokenization has become increasingly popular as a method to protect sensitive data and reduce the scope of security requirements such as PCI DSS. Many solutions now integrate directly with web applications, tokenizing data before it ever reaches internal corporate systems. As developers, you may be tasked with integrating tokenization into your applications. If done correctly, this can be a big win for your organization. This talk will cover the types of tokenization solutions, seeing through the marketing hype and vendor claims, and how to avoid some common mistakes that could greatly reduce tokenizations effectiveness. <br />
<br />
=== Shakeel Tufail (Fortify) ===<br />
'''Open SAMM (Security Assurance Maturity Model)'''<br/><br />
SAMM is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, estimate personnel and other costs.<br />
<br />
<br />
{{2010 BASC:Section Template | Conference Organizers}}<br />
* Conference Organizer<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Program Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
** [mailto:zach.lanier@something.somewhere.com Zach Lanier]<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Sponsorship Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
* Website Editor <br />
** [mailto:neil.smithline@owasp.org Neil Smithline]<br />
<br />
{{2010_BASC:Footer_Template | Speakers}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Speakers&diff=929992010 BASC Speakers2010-11-15T17:31:50Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Speakers}}<br />
__FORCETOC__<br />
We would like to thank our speakers for donating their time and effort to help make this conference successful and free.<br />
<br />
=== Josh Corman === <br />
Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics.<br />
<br />
Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html top innovators of IT] for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded [http://rugedsoftware.org RuggedSoftware.org] – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.<br />
<br />
=== Ming Chow (Tufts University, CS Department) ===<br />
'''HTML5 Security'''<br/><br />
The power of HTML5 allows developers to create <br />
web applications not just structured content, but its new features has increased the attack surface. This presentation will demo and discuss new attack opportunities, particularly on client machines, including abusing the offline application cache and SQL injection via file-based client-side databases.<br />
<br />
=== Andrew Gronosky (Raytheon/BBN Technologies) ===<br />
'''A Crumple Zone for Service-Oriented Architectures'''<br/><br />
We present a new architectural construct analogous to the crumple zone in an automobile. It consists of a layer of intelligent service proxies that work together to provide both signature-based and non-signature based defenses. We present our initial design <br />
for Java RMI based services and compare it with web application firewalls.<br />
<br />
=== Joshua "Jabra" Abraham, Will Vandevanter (Rapid7) ===<br />
'''Hacking SAP BusinessObjects'''<br/><br />
BusinessObjects is a very widely deployed business intelligence tool. In this presentation we will present the entire lifecycle of attacking a BusinessObjects server using vulnerabilities that we have found during our research.<br />
<br />
=== Christien Rioux (SOURCE Conference) ===<br />
'''The Exploit Arms Race'''<br/><br />
As defenses have become more sophisticated, so have the attacks required to circumvent them. Learn about the roots of techniques like Stack cookies/Stackguard/Run-Time<br />
Stack Checking, DEP and ASLR, from attacks like trampolining,<br />
return-oriented programming, the evolution of fuzzing techniques, static and dynamic analysis for attacking and defending software.<br />
<br />
=== Paul Schofield (Imperva) ===<br />
'''Business Logic Attacks – BATs and BLBs'''<br/><br />
Business logic attacks are a set of legal application transactions that are used to carry out a malicious operation that is not part of normal business practices. This presentation will provide a quick introduction to business logic attacks, their unique characteristics and the motivation behind their uptick. Concluding this session we will discuss using multiple advanced techniques to battle these attacks, rather than relying exclusively on application code.<br />
<br />
=== Rob Cheyne (Safelight Security Advisors) ===<br />
'''OWASP Basics 1 and 2'''<br/><br />
Rob presents a number of scenarios that walk participants through the basics of SQL injection, XSS and CSRF, along with a few other tricks he has up his sleeve. Participants will come away with a foundation for further security learning. Those already knowledgeable on application security issues will learn some new techniques for presenting and teaching this information in a clear, concise and effective manner.<br />
<br />
=== John Carmichael (Safelight Security Advisors) ===<br />
'''Coffee Shop Warfare: Protecting Yourself in Dark Territory'''<br/><br />
A lighthearted look at the real threats that people face in personal computing, specifically when connected to unknown network at coffee shops and airports. John will cover many of these threats and discuss tools and best practices everyone can engage in to ensure they protect their machine and information from these risks. <br />
<br />
=== Dan Crowley (Core Security)===<br />
'''URL Enlargement'''<br/><br />
URL shorteners are ubiquitous in today's Internet culture. This talk will aim to demonstrate them. Come see what's behind the short URLs: personal documents, parasitic storage, authentication credentials, attacks and more!<br />
<br />
=== Kenneth Smith ===<br />
'''Web Applications and Data Tokenization'''<br/><br />
Tokenization has become increasingly popular as a method to protect sensitive data and reduce the scope of security requirements such as PCI DSS. Many solutions now integrate directly with web applications, tokenizing data before it ever reaches internal corporate systems. As developers, you may be tasked with integrating tokenization into your applications. If done correctly, this can be a big win for your organization. This talk will cover the types of tokenization solutions, seeing through the marketing hype and vendor claims, and how to avoid some common mistakes that could greatly reduce tokenizations effectiveness. <br />
<br />
=== Shakeel Tufail (Fortify) ===<br />
'''Open SAMM (Security Assurance Maturity Model)'''<br/><br />
SAMM is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, estimate personnel and other costs.<br />
<br />
<br />
{{2010 BASC:Section Template | Conference Organizers}}<br />
* Conference Organizer<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Program Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
** [mailto:zach.lanier@something.somewhere.com Zach Lanier]<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Sponsorship Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
* Website Editor <br />
** [mailto:neil.smithline@owasp.org Neil Smithline]<br />
<br />
{{2010_BASC:Footer_Template | Speakers}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Speakers&diff=929882010 BASC Speakers2010-11-15T17:15:40Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Speakers}}<br />
__FORCETOC__<br />
We would like to thank our speakers for donating their time and effort to help make this conference successful and free.<br />
<br />
=== Josh Corman === <br />
Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics.<br />
<br />
Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html top innovators of IT] for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded [http://rugedsoftware.org RuggedSoftware.org] – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.<br />
<br />
=== Ming Chow (Tufts University, CS Department) ===<br />
'''HTML5 Security'''<br/><br />
The power of HTML5 allows developers to create <br />
web applications not just structured content, but its new features has increased the attack surface. It has been demonstrated that the HTML5 offline application cache can be abused. The support for file-based client-side databases will open up the opportunity for SQL injection attack on client machines.<br />
<br />
=== Andrew Gronosky (Raytheon/BBN Technologies) ===<br />
'''A Crumple Zone for Service-Oriented Architectures'''<br/><br />
We present a new architectural construct analogous to the crumple zone in an automobile. It consists of a layer of intelligent service proxies that work together to provide both signature-based and non-signature based defenses. We present our initial design <br />
for Java RMI based services and compare it with web application firewalls.<br />
<br />
=== Joshua "Jabra" Abraham, Will Vandevanter (Rapid7) ===<br />
'''Hacking SAP BusinessObjects'''<br/><br />
BusinessObjects is a very widely deployed business intelligence tool. In this presentation we will present the entire lifecycle of attacking a BusinessObjects server using vulnerabilities that we have found during our research.<br />
<br />
=== Christien Rioux (SOURCE Conference) ===<br />
'''The Exploit Arms Race'''<br/><br />
As defenses have become more sophisticated, so have the attacks required to circumvent them. Learn about the roots of techniques like Stack cookies/Stackguard/Run-Time<br />
Stack Checking, DEP and ASLR, from attacks like trampolining,<br />
return-oriented programming, the evolution of fuzzing techniques, static and dynamic analysis for attacking and defending software.<br />
<br />
=== Paul Schofield (Imperva) ===<br />
'''Business Logic Attacks – BATs and BLBs'''<br/><br />
Business logic attacks are a set of legal application transactions that are used to carry out a malicious operation that is not part of normal business practices. This presentation will provide a quick introduction to business logic attacks, their unique characteristics and the motivation behind their uptick. . Concluding this session we will discuss "virtual patching" using a web application firewall, rather than fixing the application code.<br />
<br />
=== Rob Cheyne (Safelight Security Advisors) ===<br />
'''OWASP Basics 1 and 2'''<br/><br />
Rob presents a number of scenarios that walk participants through the basics of SQL injection, XSS and CSRF, along with a few other tricks he has up his sleeve. Participants will come away with the basic building blocks of knowledge required to create a foundation for further security learning. Participants already knowledgeable on security may learn some new techniques for presenting and teaching this information.<br />
<br />
=== John Carmichael (Safelight Security Advisors) ===<br />
'''Coffee Shop Warfare: Protecting Yourself in Dark Territory'''<br/><br />
A lighthearted look at the real threats that people face in personal computing, specifically when connected to unknown network at coffee shops and airports. John will cover many of these threats and discuss tools and best practices everyone can engage in to ensure they protect their machine and information from these risks. <br />
<br />
=== Dan Crowley (Core Security)===<br />
'''URL Enlargement'''<br/><br />
URL shorteners are ubiquitous in today's Internet culture. This talk will aim to demonstrate them. Come see what's behind the short URLs: personal documents, parasitic storage, authentication credentials, attacks and more!<br />
<br />
=== Kenneth Smith ===<br />
'''Web Applications and Data Tokenization'''<br/><br />
Tokenization benefits, drawbacks, work involved, seeing through the vendors claims, some big gotchas to avoid, and realizing ultimate value. See where tokenization makes sense and where it doesn't.<br />
<br />
=== Shakeel Tufail (Fortify) ===<br />
'''Open SAMM (Security Assurance Maturity Model)'''<br/><br />
SAMM is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, estimate personnel and other costs.<br />
<br />
<br />
{{2010 BASC:Section Template | Conference Organizers}}<br />
* Conference Organizer<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Program Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
** [mailto:zach.lanier@something.somewhere.com Zach Lanier]<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Sponsorship Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
* Website Editor <br />
** [mailto:neil.smithline@owasp.org Neil Smithline]<br />
<br />
{{2010_BASC:Footer_Template | Speakers}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Speakers&diff=929812010 BASC Speakers2010-11-15T17:08:57Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Speakers}}<br />
__FORCETOC__<br />
We would like to thank our speakers for donating their time and effort to help make this conference successful and free.<br />
<br />
=== Josh Corman === <br />
Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics.<br />
<br />
Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html top innovators of IT] for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded [http://rugedsoftware.org RuggedSoftware.org] – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.<br />
<br />
=== Ming Chow (Tufts University, CS Department) ===<br />
'''HTML5 Security'''<br/><br />
The power of HTML5 allows developers to create <br />
web applications not just structured content, but its new features has increased the attack surface. It has been demonstrated that the HTML5 offline application cache can be abused. The support for file-based client-side databases will open up the opportunity for SQL injection attack on client machines.<br />
<br />
=== Andrew Gronosky ===<br />
'''A Crumple Zone for Service-Oriented Architectures'''<br/><br />
We present a new architectural construct analogous to the crumple zone in an automobile. It consists of a layer of intelligent service proxies that work together to provide both signature-based and non-signature based defenses. We present our initial design <br />
for Java RMI based services and compare it with web application firewalls.<br />
<br />
=== Joshua "Jabra" Abraham, Will Vandevanter (Rapid7) ===<br />
'''Hacking SAP BusinessObjects'''<br/><br />
BusinessObjects is a very widely deployed business intelligence tool. In this presentation we will present the entire lifecycle of attacking a BusinessObjects server using vulnerabilities that we have found during our research.<br />
<br />
=== Christien Rioux (SOURCE Conference) ===<br />
'''The Exploit Arms Race'''<br/><br />
As defenses have become more sophisticated, so have the attacks required to circumvent them. Learn about the roots of techniques like Stack cookies/Stackguard/Run-Time<br />
Stack Checking, DEP and ASLR, from attacks like trampolining,<br />
return-oriented programming, the evolution of fuzzing techniques, static and dynamic analysis for attacking and defending software.<br />
<br />
=== Paul Schofield (Imperva) ===<br />
'''Business Logic Attacks – BATs and BLBs'''<br/><br />
Business logic attacks are a set of legal application transactions that are used to carry out a malicious operation that is not part of normal business practices. This presentation will provide a quick introduction to business logic attacks, their unique characteristics and the motivation behind their uptick. . Concluding this session we will discuss "virtual patching" using a web application firewall, rather than fixing the application code.<br />
<br />
=== Rob Cheyne (Safelight Security Advisors) ===<br />
'''OWASP Basics 1 and 2'''<br/><br />
Rob presents a number of scenarios that walk participants through the basics of SQL injection, XSS and CSRF, along with a few other tricks he has up his sleeve. Participants will come away with the basic building blocks of knowledge required to create a foundation for further security learning. Participants already knowledgeable on security may learn some new techniques for presenting and teaching this information.<br />
<br />
<br />
=== John Carmichael (Safelight Security Advisors) ===<br />
'''Coffee Shop Warfare: Protecting Yourself in Dark Territory'''<br />
<br />
<br />
=== Dan Crowley (Core Security)===<br />
'''URL Enlargement'''<br/><br />
URL shorteners are ubiquitous in today's Internet culture. This talk will aim to demonstrate them. Come see what's behind the short URLs: personal documents, parasitic storage, authentication credentials, attacks and more!<br />
<br />
=== Kenneth Smith ===<br />
'''Web Applications and Data Tokenization'''<br/><br />
Tokenization benefits, drawbacks, work involved, seeing through the vendors claims, some big gotchas to avoid, and realizing ultimate value. See where tokenization makes sense and where it doesn't.<br />
<br />
=== Shakeel Tufail (Fortify) ===<br />
'''Open SAMM (Security Assurance Maturity Model)'''<br/><br />
SAMM is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, estimate personnel and other costs.<br />
<br />
<br />
{{2010 BASC:Section Template | Conference Organizers}}<br />
* Conference Organizer<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Program Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
** [mailto:zach.lanier@something.somewhere.com Zach Lanier]<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Sponsorship Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
* Website Editor <br />
** [mailto:neil.smithline@owasp.org Neil Smithline]<br />
<br />
{{2010_BASC:Footer_Template | Speakers}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Speakers&diff=929792010 BASC Speakers2010-11-15T16:58:33Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Speakers}}<br />
__FORCETOC__<br />
We would like to thank our speakers for donating their time and effort to help make this conference successful and free.<br />
<br />
=== Josh Corman === <br />
Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics.<br />
<br />
Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently lead NetworkWorld magazine to recognize him as a [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html top innovators of IT] for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded [http://rugedsoftware.org RuggedSoftware.org] – a value based initiative to raise awareness and usher in an era of secure digital infrastructure.<br />
<br />
<br />
=== Ming Chow (Tufts University, CS Department) ===<br />
'''HTML5 Security'''<br />
The power of HTML5 allows developers to create <br />
web applications not just structured content, but its new features has increased the attack surface. It has been demonstrated that the HTML5 offline application cache can be abused. The support for file-based client-side databases will open up the opportunity for SQL injection attack on client machines.<br />
<br />
=== Andrew Gronosky ===<br />
'''A Crumple Zone for Service-Oriented Architectures'''<br />
We present a new architectural construct analogous to the crumple zone in an automobile. It consists of a layer of intelligent service proxies that work together to provide both signature-based and non-signature based defenses. We present our initial design <br />
for Java RMI based services and compare it with web application firewalls.<br />
<br />
=== Joshua "Jabra" Abraham, Will Vandevanter (Rapid7) ===<br />
'''Hacking SAP BusinessObjects'''<br />
BusinessObjects is a very widely deployed business intelligence tool. In this presentation we will present the entire lifecycle of attacking a BusinessObjects server using vulnerabilities that we have found during our research.<br />
<br />
=== Christien Rioux (SOURCE Conference) ===<br />
'''The Exploit Arms Race'''<br />
As defenses have become more sophisticated, so have the attacks required to circumvent them. Learn about the roots of techniques like Stack cookies/Stackguard/Run-Time<br />
Stack Checking, DEP and ASLR, from attacks like trampolining,<br />
return-oriented programming, the evolution of fuzzing techniques, static and dynamic analysis for attacking and defending software.<br />
<br />
=== Paul Schofield (Imperva) ===<br />
'''Business Logic Attacks – BATs and BLBs'''<br />
Business logic attacks are a set of legal application transactions that are used to carry out a malicious operation that is not part of normal business practices. This presentation will provide a quick introduction to business logic attacks, their unique characteristics and the motivation behind their uptick. . Concluding this session we will discuss "virtual patching" using a web application firewall, rather than fixing the application code.<br />
<br />
=== To Be Determined === <br />
Lots of interesting facts about this really good speaker. By the time you are done reading this you will be OOO-ing and AHH-ing without control. You'll be so impressed that you will flip head-over-heel.<br />
<br />
{{2010 BASC:Section Template | Conference Organizers}}<br />
* Conference Organizer<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Program Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
** [mailto:zach.lanier@something.somewhere.com Zach Lanier]<br />
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson<br />
* Sponsorship Committee: <br />
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]<br />
* Website Editor <br />
** [mailto:neil.smithline@owasp.org Neil Smithline]<br />
<br />
{{2010_BASC:Footer_Template | Speakers}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Agenda&diff=929702010 BASC Agenda2010-11-15T08:26:41Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Agenda}}<br />
<!-- --------------------------------------------------------------------<br />
INSTRUCTIONS FOR EDITORS:<br />
<br />
Updating this agenda is a 3-step process. First you must convert the existing entries to the<br />
new format. You can do these one at a time or all at once. Whatever is easiest. Second, you need to<br />
fill in the data for the presentation. Third, miscellaneous details should be cleaned up.<br />
<br />
1) To convert a presentation to the new format:<br />
- Most importantly, look at the 10:00 time slot and use it as an example.<br />
- Find the time slot you want to modify.<br />
- If it already has the Presentation Agenda Template then you are done<br />
- Copy: {{2010_BASC:Presentaton_Agenda_Template|TYPE|To Be Determined Presentation|To Be Determined}}<br />
- Delete the text that is in the time slot already. This requires great care.<br />
You probably want to delete the lines that do not begin with a <br />
pipe (|) or an open curly ({).<br />
- Paste the text you copied into that time slot.<br />
- Replace the word "TYPE" with either "Presentation" or "Keynote"<br />
<br />
2) To fill in the appropriate data:<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Presentations and add<br />
the presentation's abstract. If you don't have an abstract,<br />
insert "Presentation abstract will be available shortly."<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Speakers and add the speaker(s) bio.<br />
If you don't have bio information, just put the speaker's name into the page and <br />
and make their bio "Speaker information will be available shortly."<br />
Until it presents a problem, list multiple speakers as one.<br />
For example, "John Boy & Grandpa".<br />
- Find the right slot in the table.<br />
- Replace the "To Be Determined Presentation" text in the table<br />
with the presentation name __EXACTLY__ as it is on the presentation page.<br />
- Replace the "To Be Determined" text in the table<br />
with the speaker(s) name(s) __EXACTLY__ as it is on the bio page.<br />
<br />
3) Clean up whatever needs cleaning up.<br />
<br />
-------------------------------------------------------------------- --><br />
{| style="width:80%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#7B8ABD; color:white" |<br />
<br />
<h2>Saturday, November 20</h2> <br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 8:00-9:00 || colspan="2" style="width:80%; background:#D2D2D2" align="center" | <br />
<div><br />
<span style="font-size:140%">'''Breakfast and Registration'''</span><br/><br />
provided by our Platinum Sponsor<br />
</div><br />
{| border="1"<br />
| [[File:Rapid7LogoSmall.png|300px|link=http://www.rapid7.com|Rapid7]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 09:00-09:50 || colspan="2" style="width:80%; background:#B0B0B0;" align="center" | <br />
<div style="margin:10px;"><br />
<span style="font-size: 140%">'''[[2010_BASC_Presentations#Keynote|Keynote: From the Era of Vulnerabiquity to the Rugged Age]]'''</span><br/><br />
<span style="font-size: 120%">[[2010_BASC_Speakers#Josh Corman|Josh Corman]]</span><br/><br />
</div><br />
|-<br />
| style="width:10%; background:#9BA8CF" | || align="center" style="width:30%; background:#CFA49B" | '''Track 1'''<br/>Horace Mann Room<br />
| align="center" style="width:30%; background:#DFC799;" | '''Track 2'''<br/>Deborah Sampson / Paul Thomas Room<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 10:00-10:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|HTML5 Security|Ming Chow}}<br />
| style="width:30%; background:#BCA57A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 11:00-11:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|A Crumple Zone for Service Oriented Architectures|Andrew Gronosky}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 12:00-13:00 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | <br />
<span style="font-size:140%">'''Lunch'''</span><br/><br />
provided by our platinum sponsor<br />
{| border="1"<br />
|[[File:SI-Banner-238x57.jpg|link=http://www.securityinnovation.com|Security Innovation]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 13:00-13:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Hacking SAP BusinessObjects|Joshua Abraham and Will Vandevanter}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Coffee Shop Warefare:Protecting Yourself in Dark Territory|John Carmichael}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 14:00-14:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|To Be Determined Presentation|To Be Determined}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Url Enlargement|Dan Crowley}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 15:00-15:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Business Logic Attacks - BATs and BLBs|Paul Schofield}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Web Applications and Data Tokenization|Kenny Smith}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 16:00-16:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|The Exploit Arms Race|Christien Rioux}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Open SAMM|Shakeel Tufail}}<br />
|-<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:00-17:30 || colspan="2" style="width:30%; background:#C2C2C2" align="center" | <br />
<span style="font-size:140%">'''Social Time'''</span><br/><br />
provided by our platinum sponsor<br />
{| border="1"<br />
| [[File:boston-2010-source-277x70.jpg|link=http://www.sourceconference.com|SOURCE]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:30-18:30 || colspan="2" style="width:30%; background:#D2D2D2" align="center" | <br />
<span style="font-size:140%">'''Expert Panel'''</span><br><br />
''<br />
[http://authorurl.com Josh Corman] The 451 Group, Security Analyst <br><br />
[http://authorurl.com Adriel DeSautels] NetRagard CTO <br><br />
[http://authorurl.com Justin Peavey] Omgeo, CISO <br><br />
<br />
Moderator: [http://authorurl.com Rob Cheyne], Safelight Security Advisors, CEO''<br><br />
<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 18:30-19:00 || colspan="2" style="width:30%; background:#99FF99" align="center" | <br />
<span style="font-size:140%">'''Wrap Up'''</span><br><br />
|}<br />
{{2010_BASC:Footer_Template | Agenda}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Agenda&diff=929692010 BASC Agenda2010-11-15T05:25:50Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Agenda}}<br />
<!-- --------------------------------------------------------------------<br />
INSTRUCTIONS FOR EDITORS:<br />
<br />
Updating this agenda is a 3-step process. First you must convert the existing entries to the<br />
new format. You can do these one at a time or all at once. Whatever is easiest. Second, you need to<br />
fill in the data for the presentation. Third, miscellaneous details should be cleaned up.<br />
<br />
1) To convert a presentation to the new format:<br />
- Most importantly, look at the 10:00 time slot and use it as an example.<br />
- Find the time slot you want to modify.<br />
- If it already has the Presentation Agenda Template then you are done<br />
- Copy: {{2010_BASC:Presentaton_Agenda_Template|TYPE|To Be Determined Presentation|To Be Determined}}<br />
- Delete the text that is in the time slot already. This requires great care.<br />
You probably want to delete the lines that do not begin with a <br />
pipe (|) or an open curly ({).<br />
- Paste the text you copied into that time slot.<br />
- Replace the word "TYPE" with either "Presentation" or "Keynote"<br />
<br />
2) To fill in the appropriate data:<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Presentations and add<br />
the presentation's abstract. If you don't have an abstract,<br />
insert "Presentation abstract will be available shortly."<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Speakers and add the speaker(s) bio.<br />
If you don't have bio information, just put the speaker's name into the page and <br />
and make their bio "Speaker information will be available shortly."<br />
Until it presents a problem, list multiple speakers as one.<br />
For example, "John Boy & Grandpa".<br />
- Find the right slot in the table.<br />
- Replace the "To Be Determined Presentation" text in the table<br />
with the presentation name __EXACTLY__ as it is on the presentation page.<br />
- Replace the "To Be Determined" text in the table<br />
with the speaker(s) name(s) __EXACTLY__ as it is on the bio page.<br />
<br />
3) Clean up whatever needs cleaning up.<br />
<br />
-------------------------------------------------------------------- --><br />
{| style="width:80%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#7B8ABD; color:white" |<br />
<br />
<h2>Saturday, November 20</h2> <br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 8:00-9:00 || colspan="2" style="width:80%; background:#D2D2D2" align="center" | <br />
<div><br />
<span style="font-size:140%">'''Breakfast and Registration'''</span><br/><br />
provided by our Platinum Sponsor<br />
</div><br />
{| border="1"<br />
| [[File:Rapid7LogoSmall.png|300px|link=http://www.rapid7.com|Rapid7]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 09:00-09:50 || colspan="2" style="width:80%; background:#B0B0B0;" align="center" | <br />
<div style="margin:10px;"><br />
<span style="font-size: 140%">'''[[2010_BASC_Presentations#Keynote|Keynote: From the Era of Vulnerabiquity to the Rugged Age]]'''</span><br/><br />
<span style="font-size: 120%">[[2010_BASC_Speakers#Josh Corman|Josh Corman]]</span><br/><br />
</div><br />
|-<br />
| style="width:10%; background:#9BA8CF" | || align="center" style="width:30%; background:#CFA49B" | '''Track 1'''<br/>Horace Mann Room<br />
| align="center" style="width:30%; background:#DFC799;" | '''Track 2'''<br/>Deborah Sampson / Paul Thomas Room<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 10:00-10:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|HTML5 Security|Ming Chow}}<br />
| style="width:30%; background:#BCA57A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 11:00-11:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|A Crumple Zone for Service Oriented Architectures|Andrew Gronosky}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 12:00-13:00 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | <br />
<span style="font-size:140%">'''Lunch'''</span><br/><br />
provided by our platinum sponsor<br />
{| border="1"<br />
|[[File:SI-Banner-238x57.jpg|link=http://www.securityinnovation.com|Security Innovation]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 13:00-13:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Hacking SAP BusinessObjects|Joshua Abraham and Will Vandevanter}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Coffee Shop Warefare:Protecting Yourself in Dark Territory|John Carmichael}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 14:00-14:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|To Be Determined Presentation|To Be Determined}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Url Enlargement|Dan Crowley}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 15:00-15:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Business Logic Attacks - BATs and BLBs|Paul Schofield}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Web Applications and Data Tokenization|Kenny Smith}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 16:00-16:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|The Exploit Arms Race|Christien Rioux}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Open SAMM|Shakeel Tufail|Fortify}}<br />
|-<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:00-17:30 || colspan="2" style="width:30%; background:#C2C2C2" align="center" | <br />
<span style="font-size:140%">'''Social Time'''</span><br/><br />
provided by our platinum sponsor<br />
{| border="1"<br />
| [[File:boston-2010-source-277x70.jpg|link=http://www.sourceconference.com|SOURCE]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:30-18:30 || colspan="2" style="width:30%; background:#D2D2D2" align="center" | <br />
<span style="font-size:140%">'''Expert Panel'''</span><br><br />
''<br />
[http://authorurl.com Josh Corman] The 451 Group, Security Analyst <br><br />
[http://authorurl.com Adriel DeSautels] NetRagard CTO <br><br />
[http://authorurl.com Justin Peavey] Omgeo, CISO <br><br />
<br />
Moderator: [http://authorurl.com Rob Cheyne], Safelight Security Advisors, CEO''<br><br />
<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 18:30-19:00 || colspan="2" style="width:30%; background:#99FF99" align="center" | <br />
<span style="font-size:140%">'''Wrap Up'''</span><br><br />
|}<br />
{{2010_BASC:Footer_Template | Agenda}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Agenda&diff=929682010 BASC Agenda2010-11-15T04:59:30Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Agenda}}<br />
<!-- --------------------------------------------------------------------<br />
INSTRUCTIONS FOR EDITORS:<br />
<br />
Updating this agenda is a 3-step process. First you must convert the existing entries to the<br />
new format. You can do these one at a time or all at once. Whatever is easiest. Second, you need to<br />
fill in the data for the presentation. Third, miscellaneous details should be cleaned up.<br />
<br />
1) To convert a presentation to the new format:<br />
- Most importantly, look at the 10:00 time slot and use it as an example.<br />
- Find the time slot you want to modify.<br />
- If it already has the Presentation Agenda Template then you are done<br />
- Copy: {{2010_BASC:Presentaton_Agenda_Template|TYPE|To Be Determined Presentation|To Be Determined}}<br />
- Delete the text that is in the time slot already. This requires great care.<br />
You probably want to delete the lines that do not begin with a <br />
pipe (|) or an open curly ({).<br />
- Paste the text you copied into that time slot.<br />
- Replace the word "TYPE" with either "Presentation" or "Keynote"<br />
<br />
2) To fill in the appropriate data:<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Presentations and add<br />
the presentation's abstract. If you don't have an abstract,<br />
insert "Presentation abstract will be available shortly."<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Speakers and add the speaker(s) bio.<br />
If you don't have bio information, just put the speaker's name into the page and <br />
and make their bio "Speaker information will be available shortly."<br />
Until it presents a problem, list multiple speakers as one.<br />
For example, "John Boy & Grandpa".<br />
- Find the right slot in the table.<br />
- Replace the "To Be Determined Presentation" text in the table<br />
with the presentation name __EXACTLY__ as it is on the presentation page.<br />
- Replace the "To Be Determined" text in the table<br />
with the speaker(s) name(s) __EXACTLY__ as it is on the bio page.<br />
<br />
3) Clean up whatever needs cleaning up.<br />
<br />
-------------------------------------------------------------------- --><br />
{| style="width:80%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#7B8ABD; color:white" |<br />
<br />
<h2>Saturday, November 20</h2> <br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 8:00-9:00 || colspan="2" style="width:80%; background:#D2D2D2" align="center" | <br />
<div><br />
<span style="font-size:140%">'''Breakfast and Registration'''</span><br/><br />
provided by our Platinum Sponsor<br />
</div><br />
{| border="1"<br />
| [[File:Rapid7LogoSmall.png|300px|link=http://www.rapid7.com|Rapid7]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 09:00-09:50 || colspan="2" style="width:80%; background:#B0B0B0;" align="center" | <br />
<div style="margin:10px;"><br />
<span style="font-size: 140%">'''[[2010_BASC_Presentations#Keynote|Keynote: From the Era of Vulnerabiquity to the Rugged Age]]'''</span><br/><br />
<span style="font-size: 120%">[[2010_BASC_Speakers#Josh Corman|Josh Corman]]</span><br/><br />
</div><br />
|-<br />
| style="width:10%; background:#9BA8CF" | || align="center" style="width:30%; background:#CFA49B" | '''Track 1'''<br/>Horace Mann Room<br />
| align="center" style="width:30%; background:#DFC799;" | '''Track 2'''<br/>Deborah Sampson / Paul Thomas Room<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 10:00-10:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|HTML5 Security|Ming Chow}}<br />
| style="width:30%; background:#BCA57A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 11:00-11:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|A Crumple Zone for Service Oriented Architectures|Andrew Gronosky}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 12:00-13:00 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | <br />
<span style="font-size:140%">'''Lunch'''</span><br/><br />
provided by our platinum sponsor<br />
{| border="1"<br />
|[[File:SI-Banner-238x57.jpg|link=http://www.securityinnovation.com|Security Innovation]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 13:00-13:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Hacking SAP BusinessObjects|Joshua Abraham and Will Vandevanter}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Coffee Shop Warefare:Protecting Yourself in Dark Territory|John Carmichael}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 14:00-14:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|To Be Determined Presentation|To Be Determined}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Url Enlargement|Dan Crowley}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 15:00-15:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Business Logic Attacks - BATs and BLBs|Paul Schofield}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Web Applications and Data Tokenization|Kenny Smith}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 16:00-16:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|The Exploit Arms Race|Christien Rioux}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Open SAMM|Shakeel Tufail}}<br />
|-<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:00-17:30 || colspan="2" style="width:30%; background:#C2C2C2" align="center" | <br />
<span style="font-size:140%">'''Social Time'''</span><br/><br />
provided by our platinum sponsor<br />
{| border="1"<br />
| [[File:boston-2010-source-277x70.jpg|link=http://www.sourceconference.com|SOURCE]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:30-18:30 || colspan="2" style="width:30%; background:#D2D2D2" align="center" | <br />
<span style="font-size:140%">'''Expert Panel'''</span><br><br />
''<br />
[http://authorurl.com Josh Corman] The 451 Group, Security Analyst <br><br />
[http://authorurl.com Adriel DeSautels] NetRagard CTO <br><br />
[http://authorurl.com Justin Peavey] Omgeo, CISO <br><br />
<br />
Moderator: [http://authorurl.com Rob Cheyne], Safelight Security Advisors, CEO''<br><br />
<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 18:30-19:00 || colspan="2" style="width:30%; background:#99FF99" align="center" | <br />
<span style="font-size:140%">'''Wrap Up'''</span><br><br />
|}<br />
{{2010_BASC:Footer_Template | Agenda}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Agenda&diff=929332010 BASC Agenda2010-11-14T05:12:28Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Agenda}}<br />
{{2010_BASC:WIP_Template}}<br />
<!-- --------------------------------------------------------------------<br />
INSTRUCTIONS FOR EDITORS:<br />
<br />
Updating this agenda is a 3-step process. First you must convert the existing entries to the<br />
new format. You can do these one at a time or all at once. Whatever is easiest. Second, you need to<br />
fill in the data for the presentation. Third, miscellaneous details should be cleaned up.<br />
<br />
1) To convert a presentation to the new format:<br />
- Most importantly, look at the 10:00 time slot and use it as an example.<br />
- Find the time slot you want to modify.<br />
- If it already has the Presentation Agenda Template then you are done<br />
- Copy: {{2010_BASC:Presentaton_Agenda_Template|TYPE|To Be Determined Presentation|To Be Determined}}<br />
- Delete the text that is in the time slot already. This requires great care.<br />
You probably want to delete the lines that do not begin with a <br />
pipe (|) or an open curly ({).<br />
- Paste the text you copied into that time slot.<br />
- Replace the word "TYPE" with either "Presentation" or "Keynote"<br />
<br />
2) To fill in the appropriate data:<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Presentations and add<br />
the presentation's abstract. If you don't have an abstract,<br />
insert "Presentation abstract will be available shortly."<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Speakers and add the speaker(s) bio.<br />
If you don't have bio information, just put the speaker's name into the page and <br />
and make their bio "Speaker information will be available shortly."<br />
Until it presents a problem, list multiple speakers as one.<br />
For example, "John Boy & Grandpa".<br />
- Find the right slot in the table.<br />
- Replace the "To Be Determined Presentation" text in the table<br />
with the presentation name __EXACTLY__ as it is on the presentation page.<br />
- Replace the "To Be Determined" text in the table<br />
with the speaker(s) name(s) __EXACTLY__ as it is on the bio page.<br />
<br />
3) Clean up whatever needs cleaning up.<br />
<br />
-------------------------------------------------------------------- --><br />
{| style="width:80%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#7B8ABD; color:white" |<br />
<br />
<h2>Saturday, November 20</h2> <br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 8:00-9:00 || colspan="2" style="width:80%; background:#D2D2D2" align="center" | <br />
<div style="font-size: 120%;"><br />
'''Breakfast and Registration'''<br/><br />
provided by our Platinum Sponsor:<br />
</div><br />
{| border="1"<br />
| [[File:Rapid7LogoSmall.png|300px|link=http://www.rapid7.com|Rapid7]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 09:00-09:50 || colspan="2" style="width:80%; background:#B0B0B0;" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Keynote|To Be Determined Presentation|Josh Corman}}<br />
|-<br />
| style="width:10%; background:#9BA8CF" | || align="center" style="width:30%; background:#CFA49B" | '''Track 1'''<br/>Horace Mann Room<br />
| align="center" style="width:30%; background:#DFC799;" | '''Track 2'''<br/>Deborah Sampson / Paul Thomas Room<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 10:00-10:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|HTML5 Security|Ming Chow}}<br />
| style="width:30%; background:#BCA57A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 11:00-11:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|A Crumple Zone for Service Oriented Architectures|Andrew Gronosky}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 12:00-13:00 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | <br />
'''Lunch provided by our platinum sponsor'''<br />
{| border="1"<br />
|[[File:SI-Banner-238x57.jpg|link=http://www.securityinnovation.com|Security Innovation]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 13:00-13:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Hacking SAP BusinessObjects|Joshua Abraham and Will Vandevanter}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Coffee Shop Warefare:Protecting Yourself in Dark Territory|John Carmichael}}<br />
|-<br />
<br />
| style="width:10%; background:#7B8ABD" align="center" | 14:00-14:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|The Exploit Arms Race|Christien Rioux}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Url Enlargement|Dan Crowley}}<br />
|-<br />
<br />
| style="width:10%; background:#7B8ABD" align="center" | 15:00-15:50 || style="width:30%; background:#BC857A" align="center" | <br />
<br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Business Logic Attacks - BATs and BLBs|Paul Schofield}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Web Applications and Data Tokenization|Kenny Smith}}<br />
|-<br />
<br />
| style="width:10%; background:#7B8ABD" align="center" | 16:00-16:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|To Be Determined Presentation|To Be Determined}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Open SAMM|Shakeel Tufail}}<br />
|-<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:00-17:30 || colspan="2" style="width:30%; background:#C2C2C2" align="center" | <br />
'''Social Time provided by our platinum sponsor'''<br />
{| border="1"<br />
| [[File:boston-2010-source-277x70.jpg|link=http://www.sourceconference.com|SOURCE]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:30-18:30 || colspan="2" style="width:30%; background:#D2D2D2" align="center" | <br />
'''Expert Panel:'''<br><br />
''[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
Moderator: [http://authorurl.com Moderator Name]''<br><br />
[http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 18:30-19:00 || colspan="2" style="width:30%; background:#99FF99" align="center" | <br />
'''Wrap Up'''<br><br />
|}<br />
{{2010_BASC:WIP_Template}}<br />
{{2010_BASC:Footer_Template | Agenda}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Agenda&diff=929322010 BASC Agenda2010-11-14T05:09:01Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Agenda}}<br />
{{2010_BASC:WIP_Template}}<br />
<!-- --------------------------------------------------------------------<br />
INSTRUCTIONS FOR EDITORS:<br />
<br />
Updating this agenda is a 3-step process. First you must convert the existing entries to the<br />
new format. You can do these one at a time or all at once. Whatever is easiest. Second, you need to<br />
fill in the data for the presentation. Third, miscellaneous details should be cleaned up.<br />
<br />
1) To convert a presentation to the new format:<br />
- Most importantly, look at the 10:00 time slot and use it as an example.<br />
- Find the time slot you want to modify.<br />
- If it already has the Presentation Agenda Template then you are done<br />
- Copy: {{2010_BASC:Presentaton_Agenda_Template|TYPE|To Be Determined Presentation|To Be Determined}}<br />
- Delete the text that is in the time slot already. This requires great care.<br />
You probably want to delete the lines that do not begin with a <br />
pipe (|) or an open curly ({).<br />
- Paste the text you copied into that time slot.<br />
- Replace the word "TYPE" with either "Presentation" or "Keynote"<br />
<br />
2) To fill in the appropriate data:<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Presentations and add<br />
the presentation's abstract. If you don't have an abstract,<br />
insert "Presentation abstract will be available shortly."<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Speakers and add the speaker(s) bio.<br />
If you don't have bio information, just put the speaker's name into the page and <br />
and make their bio "Speaker information will be available shortly."<br />
Until it presents a problem, list multiple speakers as one.<br />
For example, "John Boy & Grandpa".<br />
- Find the right slot in the table.<br />
- Replace the "To Be Determined Presentation" text in the table<br />
with the presentation name __EXACTLY__ as it is on the presentation page.<br />
- Replace the "To Be Determined" text in the table<br />
with the speaker(s) name(s) __EXACTLY__ as it is on the bio page.<br />
<br />
3) Clean up whatever needs cleaning up.<br />
<br />
-------------------------------------------------------------------- --><br />
{| style="width:80%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#7B8ABD; color:white" |<br />
<br />
<h2>Saturday, November 20</h2> <br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 8:00-9:00 || colspan="2" style="width:80%; background:#D2D2D2" align="center" | <br />
<div style="font-size: 120%;"><br />
'''Breakfast and Registration'''<br/><br />
provided by our Platinum Sponsor:<br />
</div><br />
{| border="1"<br />
| [[File:Rapid7LogoSmall.png|300px|link=http://www.rapid7.com|Rapid7]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 09:00-09:50 || colspan="2" style="width:80%; background:#B0B0B0;" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Keynote|To Be Determined Presentation|Josh Corman}}<br />
|-<br />
| style="width:10%; background:#9BA8CF" | || align="center" style="width:30%; background:#CFA49B" | '''Track 1'''<br/>Horace Mann Room<br />
| align="center" style="width:30%; background:#DFC799;" | '''Track 2'''<br/>Deborah Sampson / Paul Thomas Room<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 10:00-10:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|HTML5 Security|Ming Chow}}<br />
| style="width:30%; background:#BCA57A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 11:00-11:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|A Crumple Zone for Service Oriented Architectures|Andrew Gronosky}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 12:00-13:00 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | <br />
'''Lunch provided by our platinum sponsor'''<br />
{| border="1"<br />
|[[File:SI-Banner-238x57.jpg|link=http://www.securityinnovation.com|Security Innovation]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 13:00-13:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Hacking SAP BusinessObjects|Joshua Abraham and Will Vandevanter}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Coffee Shop Warefare:Protecting Yourself in Dark Territory|John Carmichael}}<br />
|-<br />
<br />
| style="width:10%; background:#7B8ABD" align="center" | 14:00-14:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|The Exploit Arms Race|Christien Rioux}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Url Enlargement|Dan Crowley}}<br />
|-<br />
<br />
| style="width:10%; background:#7B8ABD" align="center" | 15:00-15:50 || style="width:30%; background:#BC857A" align="center" | <br />
<br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Business Logic Attacks - BATs and BLBs|Paul Schofield}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Coffee Shop Warefare:Protecting Yourself in Dark Territory|John Carmichael}}<br />
|-<br />
<br />
| style="width:10%; background:#7B8ABD" align="center" | 16:00-16:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|To Be Determined Presentation|To Be Determined}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Open SAMM|Shakeel Tufail}}<br />
|-<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:00-17:30 || colspan="2" style="width:30%; background:#C2C2C2" align="center" | <br />
'''Social Time provided by our platinum sponsor'''<br />
{| border="1"<br />
| [[File:boston-2010-source-277x70.jpg|link=http://www.sourceconference.com|SOURCE]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:30-18:30 || colspan="2" style="width:30%; background:#D2D2D2" align="center" | <br />
'''Expert Panel:'''<br><br />
''[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
Moderator: [http://authorurl.com Moderator Name]''<br><br />
[http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 18:30-19:00 || colspan="2" style="width:30%; background:#99FF99" align="center" | <br />
'''Wrap Up'''<br><br />
|}<br />
{{2010_BASC:WIP_Template}}<br />
{{2010_BASC:Footer_Template | Agenda}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Agenda&diff=929312010 BASC Agenda2010-11-14T04:40:46Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Agenda}}<br />
{{2010_BASC:WIP_Template}}<br />
<!-- --------------------------------------------------------------------<br />
INSTRUCTIONS FOR EDITORS:<br />
<br />
Updating this agenda is a 3-step process. First you must convert the existing entries to the<br />
new format. You can do these one at a time or all at once. Whatever is easiest. Second, you need to<br />
fill in the data for the presentation. Third, miscellaneous details should be cleaned up.<br />
<br />
1) To convert a presentation to the new format:<br />
- Most importantly, look at the 10:00 time slot and use it as an example.<br />
- Find the time slot you want to modify.<br />
- If it already has the Presentation Agenda Template then you are done<br />
- Copy: {{2010_BASC:Presentaton_Agenda_Template|TYPE|To Be Determined Presentation|To Be Determined}}<br />
- Delete the text that is in the time slot already. This requires great care.<br />
You probably want to delete the lines that do not begin with a <br />
pipe (|) or an open curly ({).<br />
- Paste the text you copied into that time slot.<br />
- Replace the word "TYPE" with either "Presentation" or "Keynote"<br />
<br />
2) To fill in the appropriate data:<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Presentations and add<br />
the presentation's abstract. If you don't have an abstract,<br />
insert "Presentation abstract will be available shortly."<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Speakers and add the speaker(s) bio.<br />
If you don't have bio information, just put the speaker's name into the page and <br />
and make their bio "Speaker information will be available shortly."<br />
Until it presents a problem, list multiple speakers as one.<br />
For example, "John Boy & Grandpa".<br />
- Find the right slot in the table.<br />
- Replace the "To Be Determined Presentation" text in the table<br />
with the presentation name __EXACTLY__ as it is on the presentation page.<br />
- Replace the "To Be Determined" text in the table<br />
with the speaker(s) name(s) __EXACTLY__ as it is on the bio page.<br />
<br />
3) Clean up whatever needs cleaning up.<br />
<br />
-------------------------------------------------------------------- --><br />
{| style="width:80%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#7B8ABD; color:white" |<br />
<br />
<h2>Saturday, November 20</h2> <br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 8:00-9:00 || colspan="2" style="width:80%; background:#D2D2D2" align="center" | <br />
<div style="font-size: 120%;"><br />
'''Breakfast and Registration'''<br/><br />
provided by our Platinum Sponsor:<br />
</div><br />
{| border="1"<br />
| [[File:Rapid7LogoSmall.png|300px|link=http://www.rapid7.com|Rapid7]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 09:00-09:50 || colspan="2" style="width:80%; background:#B0B0B0;" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Keynote|To Be Determined Presentation|Josh Corman}}<br />
|-<br />
| style="width:10%; background:#9BA8CF" | || align="center" style="width:30%; background:#CFA49B" | '''Track 1'''<br/>Horace Mann Room<br />
| align="center" style="width:30%; background:#DFC799;" | '''Track 2'''<br/>Deborah Sampson / Paul Thomas Room<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 10:00-10:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|HTML5 Security|Ming Chow}}<br />
| style="width:30%; background:#BCA57A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 11:00-11:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|A Crumple Zone for Service Oriented Architectures|Andrew Gronosky}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 12:00-13:00 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | <br />
'''Lunch provided by our platinum sponsor'''<br />
{| border="1"<br />
|[[File:SI-Banner-238x57.jpg|link=http://www.securityinnovation.com|Security Innovation]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 13:00-13:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Hacking SAP BusinessObjects|Joshua Abraham and Will Vandevanter}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Coffee Shop Warefare:Protecting Yourself in Dark Territory|John Carmichael}}<br />
|-<br />
<br />
| style="width:10%; background:#7B8ABD" align="center" | 14:00-14:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|The Exploit Arms Race|Christien Rioux}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Url Enlargement|Dan Crowley}}<br />
|-<br />
<br />
| style="width:10%; background:#7B8ABD" align="center" | 15:00-15:50 || style="width:30%; background:#BC857A" align="center" | <br />
<br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Business Logic Attacks - BATs and BLBs|Paul Schofield}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Coffee Shop Warefare:Protecting Yourself in Dark Territory|John Carmichael}}<br />
|-<br />
<br />
| style="width:10%; background:#7B8ABD" align="center" | 16:00-16:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Business Logic Attacks - BATs and BLBs|Paul Schofield}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|Web Applications and Data Tokenization|Kenny Smith}}<br />
|-<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:00-17:30 || colspan="2" style="width:30%; background:#C2C2C2" align="center" | <br />
'''Social Time provided by our platinum sponsor'''<br />
{| border="1"<br />
| [[File:boston-2010-source-277x70.jpg|link=http://www.sourceconference.com|SOURCE]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:30-18:30 || colspan="2" style="width:30%; background:#D2D2D2" align="center" | <br />
'''Expert Panel:'''<br><br />
''[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
Moderator: [http://authorurl.com Moderator Name]''<br><br />
[http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 18:30-19:00 || colspan="2" style="width:30%; background:#99FF99" align="center" | <br />
'''Wrap Up'''<br><br />
|}<br />
{{2010_BASC:WIP_Template}}<br />
{{2010_BASC:Footer_Template | Agenda}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Agenda&diff=929302010 BASC Agenda2010-11-14T04:13:28Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Agenda}}<br />
{{2010_BASC:WIP_Template}}<br />
<!-- --------------------------------------------------------------------<br />
INSTRUCTIONS FOR EDITORS:<br />
<br />
Updating this agenda is a 3-step process. First you must convert the existing entries to the<br />
new format. You can do these one at a time or all at once. Whatever is easiest. Second, you need to<br />
fill in the data for the presentation. Third, miscellaneous details should be cleaned up.<br />
<br />
1) To convert a presentation to the new format:<br />
- Most importantly, look at the 10:00 time slot and use it as an example.<br />
- Find the time slot you want to modify.<br />
- If it already has the Presentation Agenda Template then you are done<br />
- Copy: {{2010_BASC:Presentaton_Agenda_Template|TYPE|To Be Determined Presentation|To Be Determined}}<br />
- Delete the text that is in the time slot already. This requires great care.<br />
You probably want to delete the lines that do not begin with a <br />
pipe (|) or an open curly ({).<br />
- Paste the text you copied into that time slot.<br />
- Replace the word "TYPE" with either "Presentation" or "Keynote"<br />
<br />
2) To fill in the appropriate data:<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Presentations and add<br />
the presentation's abstract. If you don't have an abstract,<br />
insert "Presentation abstract will be available shortly."<br />
- Go to http://www.owasp.org/index.php/2010_BASC_Speakers and add the speaker(s) bio.<br />
If you don't have bio information, just put the speaker's name into the page and <br />
and make their bio "Speaker information will be available shortly."<br />
Until it presents a problem, list multiple speakers as one.<br />
For example, "John Boy & Grandpa".<br />
- Find the right slot in the table.<br />
- Replace the "To Be Determined Presentation" text in the table<br />
with the presentation name __EXACTLY__ as it is on the presentation page.<br />
- Replace the "To Be Determined" text in the table<br />
with the speaker(s) name(s) __EXACTLY__ as it is on the bio page.<br />
<br />
3) Clean up whatever needs cleaning up.<br />
<br />
-------------------------------------------------------------------- --><br />
{| style="width:80%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#7B8ABD; color:white" |<br />
<br />
<h2>Saturday, November 20</h2> <br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 8:00-9:00 || colspan="2" style="width:80%; background:#D2D2D2" align="center" | <br />
<div style="font-size: 120%;"><br />
'''Breakfast and Registration'''<br/><br />
provided by our Platinum Sponsor:<br />
</div><br />
{| border="1"<br />
| [[File:Rapid7LogoSmall.png|300px|link=http://www.rapid7.com|Rapid7]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 09:00-09:50 || colspan="2" style="width:80%; background:#B0B0B0;" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Keynote|To Be Determined Presentation|Josh Corman}}<br />
|-<br />
| style="width:10%; background:#9BA8CF" | || align="center" style="width:30%; background:#CFA49B" | '''Track 1'''<br/>Horace Mann Room<br />
| align="center" style="width:30%; background:#DFC799;" | '''Track 2'''<br/>Deborah Sampson / Paul Thomas Room<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 10:00-10:50 || style="width:30%; background:#BC857A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|HTML5 Security|Ming Chow}}<br />
| style="width:30%; background:#BCA57A" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#9BA8CF" align="center" | 11:00-11:50 || style="width:30%; background:#CFA49B" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|A Crumple Zone for Service Oriented Architectures|Andrew Gronosky}}<br />
| style="width:30%; background:#DFC799" align="center" | <br />
{{2010_BASC:Presentaton_Agenda_Template|Presentation|OWASP Basics 1 and 2|Robert Cheyne}}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 12:00-13:00 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | <br />
'''Lunch provided by our platinum sponsor'''<br />
{| border="1"<br />
|[[File:SI-Banner-238x57.jpg|link=http://www.securityinnovation.com|Security Innovation]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 13:00-13:50 || style="width:30%; background:#BC857A" align="center" | <br />
<br />
'''[[Link to Preso Page | Track 1 Preso 3]]''' <br><br />
''[http://authorurl.com Author Name]''<br><br />
[http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]<br />
<br />
| style="width:30%; background:#BCA57A" align="center" | <br />
'''[[Link to Preso Page | Track 2 Preso 3]]''' <br><br />
''[http://authorurl.com Author Name]''<br><br />
[http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 14:00-14:50 || style="width:30%; background:#CFA49B" align="center" | <br />
<br />
'''[[Link to Preso Page | Track 1 Preso 4]]''' <br><br />
''[http://authorurl.com Author Name]''<br><br />
[http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]<br />
<br />
| style="width:30%; background:#DFC799" align="center" | <br />
'''[[Link to Preso Page | Track 2 Preso 4]]''' <br><br />
''[http://authorurl.com Author Name]''<br><br />
[http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]<br />
<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 15:00-15:50 || style="width:30%; background:#BC857A" align="center" | <br />
<br />
'''[[Link to Preso Page | Track 1 Preso 5]]''' <br><br />
''[http://authorurl.com Author Name]''<br><br />
[http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]<br />
<br />
| style="width:30%; background:#BCA57A" align="center" | <br />
'''[[Link to Preso Page | Track 2 Preso 5]]''' <br><br />
''[http://authorurl.com Author Name]''<br><br />
[http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 16:00-16:50 || style="width:30%; background:#CFA49B" align="center" | <br />
<br />
'''[[Link to Preso Page | Track 1 Preso 6]]''' <br><br />
''[http://authorurl.com Author Name]''<br><br />
[http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]<br />
<br />
| style="width:30%; background:#DFC799" align="center" | <br />
'''[[Link to Preso Page | Track 2 Preso 6]]''' <br><br />
''[http://authorurl.com Author Name]''<br><br />
[http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:00-17:30 || colspan="2" style="width:30%; background:#C2C2C2" align="center" | <br />
'''Social Time provided by our platinum sponsor'''<br />
{| border="1"<br />
| [[File:boston-2010-source-277x70.jpg|link=http://www.sourceconference.com|SOURCE]]<br />
|}<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 17:30-18:30 || colspan="2" style="width:30%; background:#D2D2D2" align="center" | <br />
'''Expert Panel:'''<br><br />
''[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
[http://authorurl.com Presenter Name] Company & Title, <br><br />
Moderator: [http://authorurl.com Moderator Name]''<br><br />
[http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]<br />
<br />
|-<br />
| style="width:10%; background:#7B8ABD" align="center" | 18:30-19:00 || colspan="2" style="width:30%; background:#99FF99" align="center" | <br />
'''Wrap Up'''<br><br />
|}<br />
{{2010_BASC:WIP_Template}}<br />
{{2010_BASC:Footer_Template | Agenda}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Sponsors&diff=920182010 BASC Sponsors2010-10-27T03:32:27Z<p>Mark A. Arnold: </p>
<hr />
<div><center><div style="font-size:110%; font-weight:bold;"><br />
We kindly thank our [[2010 BASC Sponsors|sponsors]] for their support. Please help us keep future BASCs free by visiting our sponsors.<br/><br />
</div></center><br />
== Platinum Sponsors (Listed Alphabetically) ==<br />
<center><br />
<br/><br/><br/><br />
[[File:Rapid7LogoLarge.png|alt=Rapid7|link=http://Rapid7.com|Rapid7]]<br />
<div style="font-size:150%">Visit [http://rapid7.com Rapid7]</div><br />
<br/><br/><br/><br />
[[File:Safelight_logo_large.gif|alt=SafeLight Logo|link=http://safelightsecurity.com|SafeLight Security Advisors]]<br />
<div style="font-size:150%">Visit [http://safelightsecurity.com SafeLight Security Advisors].</div><br />
<br/><br/><br/><br />
[[File:SI-Banner-755x160-v2.jpg|alt=Security Innovation Logo|link=http://securityinnovation.com|Security Innovation]]<br />
<div style="font-size:150%">Visit [http://securityinnovation.com Security Innovation].</div><br />
<br/><br/><br/><br />
[[File:2010_BASC_SponsorLogo-755x160.png|alt=Platinum Sponsor Banner Logo|link=2010_BASC_Request_For_Sponsors|Be A Sponsor]]<br />
<div style="font-size:150%">Only GOLD Slots Left. Visit [[2010_BASC_Request_For_Sponsors|Our Request For Sponsors]] Page For More Info.</div><br />
<br/><br/><br/><br />
</center><br />
== Gold Sponsors (Listed Alphabetically) ==<br />
<center><br />
<br/><br/><br/><br />
[[File:Whitehatlogo-medium.png|link=http://www.whitehatsec.com|WhiteHat Security]]<br />
<div style="font-size:150%">Visit [http://whitehatsec.com WhiteHat Security]</div><br />
<br/><br/><br/><br />
[[File:2010_BASC_SponsorLogo-290x60.png|link=2010_BASC_Request_For_Sponsors|Be A Sponsor]]<br />
<div style="font-size:150%">Interested? Visit [[2010_BASC_Request_For_Sponsors|Our Request For Sponsors]]<br/><br />
Page For More Info.</div><br />
</center><br />
{{2010_BASC:Footer_Template | Sponsors}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Request_For_Sponsors&diff=904702010 BASC Request For Sponsors2010-10-01T14:28:55Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Request for Sponsors}}<br />
<br />
On November 20, 2010 '''[[Boston|OWASP Boston]]''' launches the inaugural '''Boston Application Security Conference 2010''' ([[2010 BASC Homepage|2010 BASC]]) to take place at Microsoft New England Research and Development Center ([http://microsoftcambridge.com/Default.aspx NERD]) in Cambridge, MA. The BASC is a one day, informal conference, aimed at increasing awareness and knowledge of application security. Many of the presentations will cover state-of-the-art application security concepts. The BASC is intended to appeal to a wide-array of attendees and is expected to attract over 150 attendees. Application security professionals, professional software developers, software quality engineers, computer science students, and security software vendors should be able to come to the BASC, learn, and hopefully enjoy themselves at the same time expand upon their application security knowledge and become better application security practitioners. We are pleased to announce that '''[http://www.the451group.com/about/bio_detail.php?eid=407 Josh Corman]''', renown 451 Group Security Analyst and evangelist and co-founder of [http://www.ruggedsoftware.org/ Rugged Software] is our confirmed keynote speaker for the [[2010 BASC Homepage|2010 BASC]].<br />
<br />
We invite potential sponsors to partner with us on two levels: $700.00 PLATINUM Level and $500.00 GOLD level. Gold level sponsorship includes a standard logo listing in program guide and event site and a table. We are seeking three Platinum sponsors to cover breakfast, lunch times and “happy hour” timeslots. Platinum sponsors benefits include premium signage (large logo listing in program and event site), table and additional credit/special mention in our program guide. There are 8 maximum sponsorships in all. '''''OWASP Boston’s non-profit status means all sponsorships are tax-deductible. OWASP Boston is a 501(c)(3) organization.''''' An extra benefit for sponsors is permanent brand presence on the BASC website alongside slides and, in some cases, video links of the conference presentation. Post-conference traffic to the BASC site means continued exposure for our sponsors.<br />
<br />
<br />
<center><div style="border: 3px solid #EEEEEE; font-size:130%;">'''Note'''<br><br />
The [[2010 BASC Homepage|2010 BASC]] can have a maximum of three platinum sponsors.<br/><br />
'''Two have been filled. Only one platinum sponsorship remains.'''<br />
See current [[2010 BASC Sponsors]].</div></center><br />
<br />
<br />
If you wish to sponsor this event or get more information about being a sponsor, please feel free to [mailto:basc-sponsors@onestopappsecurity.com email us]. 25% of all sponsorships monies go to supporting [http://owasp.org OWASP.org]. As you consider sponsorship of BASC 2010, we encourage you to become corporate member (if not one currently) of OWASP to further the organization’s efforts to improve the global application security landscape.<br />
<br />
== Sponsorship Logo Privileges ==<br />
Gold Sponsors get a logo on the [[2010 BASC Sponsors]] page of the BASC website as well as printed icons at various locations and on handouts at the conference. For the website, the logo should be about 17.5K pixels. This can be a 132x132 square logo or a 290x60 rectangular logo.<br/><br/><center><br />
[[File:2010_BASC_SponsorLogo-132x132.png|link=2010_BASC_Request_For_Sponsors|132x132]]<br/><br/><br />
[[File:2010_BASC_SponsorLogo-290x60.png|link=2010_BASC_Request_For_Sponsors|290x60]]<br/><br/></center><br />
We will be happy to work with other shapes in the same general size.<br />
<br />
Platinum sponsors get a logo of the above dimensions at the top of every page of the BASC website. They also get a banner logo of about 755x160 pixels.<br/><br/><center><br />
[[File:2010_BASC_SponsorLogo-755x160.png|link=2010_BASC_Request_For_Sponsors|755x160]]<br/><br/></center><br />
Platinum sponsors will get printed icons at prime locations and of larger size at various locations and on handouts at the conference. Each platinum sponsor will also be credited as sponsoring one of the [[2010 BASC Agenda|three food events]] during the conference.<br />
<br />
{{2010_BASC:Footer_Template | Sponsors}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=Template:2010_BASC:Sponsor_Bar_Template&diff=90469Template:2010 BASC:Sponsor Bar Template2010-10-01T14:23:52Z<p>Mark A. Arnold: </p>
<hr />
<div><div style="border:3px solid #EEEEEE;"><br />
<center><br />
<div style="font-size:130%; font-weight:bold;">Platinum Sponsors (Listed Alphabetically)</div><br />
<table width="100%"><tr><br />
<td width="33%">[[File:Rapid7LogoSmall.png|link=http://www.rapid7.com|Rapid7]]</td><br />
<td width="33%">[[File:SI-Banner-238x57.jpg|link=http://www.securityinnovation.com|Security Innovation]]</td><br />
<td width="33%">[[File:2010_BASC_SponsorLogo-290x60.png|link=2010_BASC_Request_For_Sponsors|Request For Sponsors]]</td><br />
</tr></table><br />
<br/><br/><br />
<div style="font-size:110%; font-weight:bold;"><br />
We kindly thank our sponsors for their support. Please help us keep future BASCs free by viewing and visiting [[2010 BASC Sponsors|all of our sponsors]].<br/><br />
</div><br />
</center></div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Homepage&diff=895142010 BASC Homepage2010-09-17T20:04:39Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Welcome}}<br />
This is the homepage for the 2010 Boston Application Security Conference (BASC). This free conference will take place on Saturday, November 20<sup>th</sup> at [http://microsoftcambridge.com/Default.aspx Microsoft New England Research and Development Center (NERD)].<br />
<br />
The BASC will be a free, one day, informal conference, aimed at increasing awareness and knowledge of application security in the greater Boston area. While many of the presentations will cover state-of-the-art application security concepts, the BASC is intended to appeal to a wide-array of attendees. Application security professionals, professional software developers, software quality engineers, computer science students, and security software vendors should be able to come to the BASC, learn, and hopefully enjoy themselves at the same time.<br />
<br />
== The Details ==<br />
* Date: Saturday, November 20<sup>th</sup>, 2010<br />
* Time: 8:00 AM - 5:30 PM<br />
* Location: [http://microsoftcambridge.com/Default.aspx NERD]<br />
* Directions: [http://microsoftcambridge.com/About/Directions/tabid/89/Default.aspx NERD's website] or [http://maps.google.com/places/us/ma/cambridge/memorial-dr/1/-microsoft-new-england-research-and-development-center?hl=en&gl=us Google Maps]<br />
* Registration: [http://basc2010.eventbrite.com/ Online registration]<br />
* Agenda: [[2010_BASC_Agenda | Agenda]] (a work in progress)<br />
* Call for papers: [[2010_BASC_Call_For_Papers | 2010 BASC CALL FOR PAPERS]]<br />
<br />
== Registration ==<br />
Admission to the BASC is free but registration is required for breakfast, lunch, and the evening social time. We will do everything possible to accommodate late registrants but the facility and food are limited. [http://basc2010.eventbrite.com/ Online registration] is now open and you are encouraged to register early.<br />
<br />
== Call For Papers ==<br />
We are accepting presentation proposals until October 10<sup>th</sup>. If If you are interested in being a presenter at the 2010 BASC, you can read the complete [[2010_BASC_Call_For_Papers | 2010 BASC CALL FOR PAPERS]].<br />
<br />
== Request for Sponsors ==<br />
We are soliciting sponsorship for BASC 2010. If If you are interested in being a sponsor, see the detailed request for [[2010_BASC_Sponsors | 2010 BASC REQUEST FOR SPONSORS]].<br />
<br />
{{2010_BASC:Footer_Template | Welcome}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Request_For_Sponsors&diff=895102010 BASC Request For Sponsors2010-09-17T18:13:33Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Request for Sponsors}}<br />
<br />
On November 20, 2010 '''OWASP Boston''' (http://www.owasp.org/index.php/Boston) launches the inaugural '''Boston Application Security Conference 2010''' (BASC 2010) (http://www.owasp.org/index.php/Boston_Application_Security_Conference) to take place Microsoft New England Research and Development Center (NERD http://microsoftcambridge.com/Default.aspx) in Cambridge, MA. The BASC will is a one day, informal conference, aimed at increasing awareness and knowledge of application security. Many of the presentations will cover state-of-the-art application security concepts. The BASC is intended to appeal to a wide-array of attendees and is expected to attract over 150 attendees. Application security professionals, professional software developers, software quality engineers, computer science students, and security software vendors should be able to come to the BASC, learn, and hopefully enjoy themselves at the same time expand upon their application security knowledge and become better application security practitioners. We are pleased to announce that '''Josh Corman''' (http://www.the451group.com/about/bio_detail.php?eid=407), renown 451 Group Security Analyst and evangelist and co-founder of “Rugged Software” (http://www.ruggedsoftware.org/) is our confirmed keynote speaker for BASC 2010. <br />
<br />
We invite potential sponsors to partner with us on two levels: 700.00 PLATINUM Level and 500.00 GOLD level. Gold level sponsorship includes a standard logo listing in program guide and event site and a table. We are seeking three Platinum sponsors to cover breakfast, lunch times and “happy hour” timeslots. Platinum sponsors benefits include premium signage (large logo listing in program and event site), table and additional credit/special mention in our program guide. There are 8 maximum sponsorships in all. '''''OWASP Boston’s non-profit status means all sponsorships are tax-deductible. OWASP Boston is a 501(c)(3) organization.''''' An extra benefit for sponsors is permanent brand presence on the BASC website alongside slides (and video) links of the conference presentation. Post conference traffic to the BASC site means continued exposure for our sponsors. <br />
<br />
Please affirm your desire to be a part of BASC 2010 in this capacity by replying to this communication. We will contact you in return to discuss the sponsorship process further. 25% of all sponsorships monies to support OWASP.org. As you consider sponsorship of BASC 2010, we encourage you to become corporate member (if not one currently) of OWASP to further the organization’s efforts to improve the global application security landscape.<br />
<br />
<br />
<br />
{{2010_BASC:Footer_Template | Sponsors}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Request_For_Sponsors&diff=895092010 BASC Request For Sponsors2010-09-17T18:09:08Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Request for Sponsors}}<br />
<br />
On November 20, 2010 OWASP Boston (http://www.owasp.org/index.php/Boston) launches the inaugural Boston Application Security Conference 2010 (BASC 2010) (http://www.owasp.org/index.php/Boston_Application_Security_Conference) to take place Microsoft New England Research and Development Center (NERD http://microsoftcambridge.com/Default.aspx) in Cambridge, MA. The BASC will is a one day, informal conference, aimed at increasing awareness and knowledge of application security. Many of the presentations will cover state-of-the-art application security concepts. The BASC is intended to appeal to a wide-array of attendees and is expected to attract over 150 attendees. Application security professionals, professional software developers, software quality engineers, computer science students, and security software vendors should be able to come to the BASC, learn, and hopefully enjoy themselves at the same time expand upon their application security knowledge and become better application security practitioners. We are pleased to announce that Josh Corman (http://www.the451group.com/about/bio_detail.php?eid=407), renown 451 Group Security Analyst and evangelist and co-founder of “Rugged Software” (http://www.ruggedsoftware.org/) is our confirmed keynote speaker for BASC 2010. <br />
<br />
We invite potential sponsors to partner with us on two levels: 700.00 PLATINUM Level and 500.00 GOLD level. Gold level sponsorship includes a standard logo listing in program guide and event site and a table. We are seeking three Platinum sponsors to cover breakfast, lunch times and “happy hour” timeslots. Platinum sponsors benefits include premium signage (large logo listing in program and event site), table and additional credit/special mention in our program guide. There are 8 maximum sponsorships in all. OWASP Boston’s non-profit status means all sponsorships are tax-deductible. OWASP Boston is a 501(c)(3) organization. An extra benefit for sponsors is permanent brand presence on the BASC website alongside slides (and video) links of the conference presentation. Post conference traffic to the BASC site means continued exposure for our sponsors. <br />
<br />
Please affirm your desire to be a part of BASC 2010 in this capacity by replying to this communication. We will contact you in return to discuss the sponsorship process further. 25% of all sponsorships monies to support OWASP.org. As you consider sponsorship of BASC 2010, we encourage you to become corporate member (if not one currently) of OWASP to further the organization’s efforts to improve the global application security landscape.<br />
<br />
<br />
<br />
{{2010_BASC:Footer_Template | Sponsors}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Request_For_Sponsors&diff=895082010 BASC Request For Sponsors2010-09-17T18:01:12Z<p>Mark A. Arnold: </p>
<hr />
<div>{{2010_BASC:Header_Template | Sponsors}}<br />
<br />
On November 20, 2010 OWASP Boston (http://www.owasp.org/index.php/Boston) launches the inaugural Boston Application Security Conference 2010 (BASC 2010) (http://www.owasp.org/index.php/Boston_Application_Security_Conference) to take place Microsoft New England Research and Development Center (NERD http://microsoftcambridge.com/Default.aspx) in Cambridge, MA. The BASC will is a one day, informal conference, aimed at increasing awareness and knowledge of application security. Many of the presentations will cover state-of-the-art application security concepts. The BASC is intended to appeal to a wide-array of attendees and is expected to attract over 150 attendees. Application security professionals, professional software developers, software quality engineers, computer science students, and security software vendors should be able to come to the BASC, learn, and hopefully enjoy themselves at the same time expand upon their application security knowledge and become better application security practitioners. We are pleased to announce that Josh Corman (http://www.the451group.com/about/bio_detail.php?eid=407), renown 451 Group Security Analyst and evangelist and co-founder of “Rugged Software” (http://www.ruggedsoftware.org/) is our confirmed keynote speaker for BASC 2010. <br />
<br />
We invite potential sponsors to partner with us on two levels: 700.00 PLATINUM Level and 500.00 GOLD level. Gold level sponsorship includes a standard logo listing in program guide and event site and a table. We are seeking three Platinum sponsors to cover breakfast, lunch times and “happy hour” timeslots. Platinum sponsors benefits include premium signage (large logo listing in program and event site), table and additional credit/special mention in our program guide. There are 8 maximum sponsorships in all. OWASP Boston’s non-profit status means all sponsorships are tax-deductible. OWASP Boston is a 501(c)(3) organization. An extra benefit for sponsors is permanent brand presence on the BASC website alongside slides (and video) links of the conference presentation. Post conference traffic to the BASC site means continued exposure for our sponsors. <br />
<br />
Please affirm your desire to be a part of BASC 2010 in this capacity by replying to this communication. We will contact you in return to discuss the sponsorship process further. 25% of all sponsorships monies to support OWASP.org. As you consider sponsorship of BASC 2010, we encourage you to become corporate member (if not one currently) of OWASP to further the organization’s efforts to improve the global application security landscape.<br />
<br />
<br />
<br />
{{2010_BASC:Footer_Template | Sponsors}}</div>Mark A. Arnoldhttps://wiki.owasp.org/index.php?title=2010_BASC_Request_For_Sponsors&diff=895072010 BASC Request For Sponsors2010-09-17T17:57:38Z<p>Mark A. Arnold: Stock Request for Sponsorship for BASC 2010</p>
<hr />
<div>{{2010_BASC:Header_Template | Sponsors}}<br />
{{2010_BASC:WIP_Template}}<br />
On November 20, 2010 OWASP Boston (http://www.owasp.org/index.php/Boston) launches the inaugural Boston Application Security Conference 2010 (BASC 2010) (http://www.owasp.org/index.php/Boston_Application_Security_Conference) to take place Microsoft New England Research and Development Center (NERD http://microsoftcambridge.com/Default.aspx) in Cambridge, MA. The BASC will is a one day, informal conference, aimed at increasing awareness and knowledge of application security. Many of the presentations will cover state-of-the-art application security concepts. The BASC is intended to appeal to a wide-array of attendees and is expected to attract over 150 attendees. Application security professionals, professional software developers, software quality engineers, computer science students, and security software vendors should be able to come to the BASC, learn, and hopefully enjoy themselves at the same time expand upon their application security knowledge and become better application security practitioners. We are pleased to announce that Josh Corman (http://www.the451group.com/about/bio_detail.php?eid=407), renown 451 Group Security Analyst and evangelist and co-founder of “Rugged Software” (http://www.ruggedsoftware.org/) is our confirmed keynote speaker for BASC 2010. <br />
<br />
We invite potential sponsors to partner with us on two levels: 700.00 PLATINUM Level and 500.00 GOLD level. Gold level sponsorship includes a standard logo listing in program guide and event site and a table. We are seeking three Platinum sponsors to cover breakfast, lunch times and “happy hour” timeslots. Platinum sponsors benefits include premium signage (large logo listing in program and event site), table and additional credit/special mention in our program guide. There are 8 maximum sponsorships in all. OWASP Boston’s non-profit status means all sponsorships are tax-deductible. OWASP Boston is a 501(c)(3) organization. An extra benefit for sponsors is permanent brand presence on the BASC website alongside slides (and video) links of the conference presentation. Post conference traffic to the BASC site means continued exposure for our sponsors. <br />
<br />
Please affirm your desire to be a part of BASC 2010 in this capacity by replying to this communication. We will contact you in return to discuss the sponsorship process further. 25% of all sponsorships monies to support OWASP.org. As you consider sponsorship of BASC 2010, we encourage you to become corporate member (if not one currently) of OWASP to further the organization’s efforts to improve the global application security landscape.<br />
<br />
<br />
{{2010_BASC:WIP_Template}}<br />
{{2010_BASC:Footer_Template | Sponsors}}</div>Mark A. Arnold